forked from pool/pam_pkcs11
Stanislav Brabec
d1602a056e
- Address security issues found by X41 D-Sec audit (bsc#1105012) * Authentication Replay * Buffer Overflow * Memory not cleaned properly before free() - add patches: * 0001-verify-using-a-nonce-from-the-system-not-the-card.patch * 0002-fixed-buffer-overflow-with-long-home-directory.patch * 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch OBS-URL: https://build.opensuse.org/request/show/629902 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/pam_pkcs11?expand=0&rev=24
From a37fe986997b2d2fefc350c43650cc8193389235 Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Fri, 25 May 2018 23:53:44 +0200
Subject: [PATCH 2/3] fixed buffer overflow with long home directory
Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting the issue.
---
src/mappers/openssh_mapper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/mappers/openssh_mapper.c b/src/mappers/openssh_mapper.c
index b9e09f7..ed0a409 100644
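--- a/src/mappers/openssh_mapper.c
+++ b/src/mappers/openssh_mapper.c
@@ -311,7 +311,7 @@ _DEFAULT_MAPPER_END
 */
 static int openssh_mapper_match_user(X509 *x509, const char *user, void *context) {
 struct passwd *pw;
- char filename[512];
+ char filename[PATH_MAX];
 if (!x509) return -1;
 if (!user) return -1;
 pw = getpwnam(user);
@@ -333,7 +333,7 @@ static char * openssh_mapper_find_user(X509 *x509, void *context, int *match) {
 /* parse list of users until match */
 setpwent();
 while((pw=getpwent()) != NULL) {
- char filename[512];
+ char filename[PATH_MAX];
 DBG1("Trying to match certificate with user: '%s'",pw->pw_name);
 if ( is_empty_str(pw->pw_dir) ) {
 DBG1("User '%s' has no home directory",pw->pw_name);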
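Review bot: Enlarging `filename` from 512 bytes to `PATH_MAX` in openssh_mapper_match_user and openssh_mapper_find_user raises the limit but does not bound the write. The statement that fills `filename` lies outside both hunks; if it is an unbounded `sprintf`/`strcpy` built from `pw->pw_dir`, a home-directory string longer than `PATH_MAX` can still overrun the stack buffer, since nothing visible here limits the length of what `getpwnam()`/`getpwent()` return. I would make the write itself length-checked, e.g. `n = snprintf(filename, sizeof filename, <existing format>, pw->pw_dir);` followed by `if (n < 0 || (size_t)n >= sizeof filename) <reject or skip this user>;`. `PATH_MAX` also needs `<limits.h>`, which the hunks do not show being included, and it is not defined on every platform, so a fallback definition may be needed. Both function bodies continue beyond the visible lines.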
--
2.18.0