SHA256
1
0
forked from pool/shadow

Accepting request 1030965 from Base:System

- Add shadow-prefix-overflow.patch:
  Fix buffer overflow when calling useradd with --prefix
  See https://github.com/shadow-maint/shadow/pull/588

OBS-URL: https://build.opensuse.org/request/show/1030965
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=49
This commit is contained in:
Dominique Leuenberger 2022-10-26 10:31:12 +00:00 committed by Git OBS Bridge
commit 33a33d170a
3 changed files with 35 additions and 0 deletions

View File

@ -0,0 +1,25 @@
From eaebea55a495a56317ed85e959b3599f73c6bdf2 Mon Sep 17 00:00:00 2001
From: David Michael <fedora.dm0@gmail.com>
Date: Sun, 23 Oct 2022 18:51:33 -0400
Subject: [PATCH] useradd: Fix buffer overflow when using a prefix
The buffer length did not count the string's trailing null byte.
Signed-off-by: David Michael <fedora.dm0@gmail.com>
---
src/useradd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/useradd.c b/src/useradd.c
index 39a744ee0..7ea0a9c4d 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2372,7 +2372,7 @@ static void create_mail (void)
if (NULL == spool) {
return;
}
- file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 2);
+ file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 3);
if (prefix[0])
sprintf (file, "%s/%s/%s", prefix, spool, user_name);
else

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Oct 24 22:04:41 UTC 2022 - Michael Vetter <mvetter@suse.com>
- Add shadow-prefix-overflow.patch:
Fix buffer overflow when calling useradd with --prefix
See https://github.com/shadow-maint/shadow/pull/588
-------------------------------------------------------------------
Mon Aug 22 13:59:35 UTC 2022 - Michael Vetter <mvetter@suse.com>

View File

@ -59,6 +59,8 @@ Patch7: shadow-login_defs-suse.patch
Patch8: useradd-userkeleton.patch
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
Patch9: disable_new_audit_function.patch
# PATCH-FIX-UPSTREAM shadow-prefix-overflow.patch mvetter@suse.com -- Fix buffer overflow when using --prefix in useradd
Patch10: https://github.com/shadow-maint/shadow/commit/eaebea55a495a56317ed85e959b3599f73c6bdf2.patch#/shadow-prefix-overflow.patch
BuildRequires: audit-devel > 2.3
BuildRequires: autoconf
BuildRequires: automake
@ -129,6 +131,7 @@ Development files for libsubid4.
%if 0%{?suse_version} < 1330
%patch9 -p1
%endif
%patch10 -p1
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO