28de8ae255
- fix possible overflow and DOS in pam_env (bnc#724480) CVE-2011-3148, CVE-2011-3149 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=83
30 lines
917 B
Diff
30 lines
917 B
Diff
Description: correctly count leading whitespace when parsing environment
|
|
file (CVE-2011-3148).
|
|
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
|
|
Author: Kees Cook <kees@debian.org>
|
|
|
|
Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c
|
|
===================================================================
|
|
--- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c
|
|
+++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c
|
|
@@ -290,6 +290,7 @@ static int _assemble_line(FILE *f, char
|
|
char *p = buffer;
|
|
char *s, *os;
|
|
int used = 0;
|
|
+ int whitespace;
|
|
|
|
/* loop broken with a 'break' when a non-'\\n' ended line is read */
|
|
|
|
@@ -312,8 +313,10 @@ static int _assemble_line(FILE *f, char
|
|
|
|
/* skip leading spaces --- line may be blank */
|
|
|
|
- s = p + strspn(p, " \n\t");
|
|
+ whitespace = strspn(p, " \n\t");
|
|
+ s = p + whitespace;
|
|
if (*s && (*s != '#')) {
|
|
+ used += whitespace;
|
|
os = s;
|
|
|
|
/*
|