rpm/pam
SHA256
1
0
Fork 0
forked from pool/pam
Code Pull Requests Activity
28de8ae255
pam/bug-724480_pam_env-fix-dos.patch
Michael Calmer 28de8ae255 - pam_tally2: remove invalid options from manpage (bnc#726071) 
- fix possible overflow and DOS in pam_env (bnc#724480)
  CVE-2011-3148, CVE-2011-3149

OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=83
2011-10-25 12:29:41 +00:00

34 lines
1.2 KiB
Diff
Raw Blame History

Description: abort when encountering an overflowed environment variable
expansion (CVE-2011-3149).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
Author: Kees Cook <kees@debian.org>
Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c
===================================================================
--- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c
+++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c
@@ -570,6 +570,7 @@ static int _expand_arg(pam_handle_t *pam
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>",
tmp, tmpptr);
+ return PAM_ABORT;
}
continue;
}
@@ -631,6 +632,7 @@ static int _expand_arg(pam_handle_t *pam
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
pam_syslog (pamh, LOG_ERR,
"Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ return PAM_ABORT;
}
}
} /* if ('{' != *orig++) */
@@ -642,6 +644,7 @@ static int _expand_arg(pam_handle_t *pam
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
pam_syslog(pamh, LOG_ERR,
"Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ return PAM_ABORT;
}
}
} /* for (;*orig;) */
View Git Blame Copy Permalink