forked from pool/shadow
Accepting request 1030965 from Base:System
- Add shadow-prefix-overflow.patch: Fix buffer overflow when calling useradd with --prefix See https://github.com/shadow-maint/shadow/pull/588 OBS-URL: https://build.opensuse.org/request/show/1030965 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=49
This commit is contained in:
commit
33a33d170a
25
shadow-prefix-overflow.patch
Normal file
25
shadow-prefix-overflow.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From eaebea55a495a56317ed85e959b3599f73c6bdf2 Mon Sep 17 00:00:00 2001
|
||||
From: David Michael <fedora.dm0@gmail.com>
|
||||
Date: Sun, 23 Oct 2022 18:51:33 -0400
|
||||
Subject: [PATCH] useradd: Fix buffer overflow when using a prefix
|
||||
|
||||
The buffer length did not count the string's trailing null byte.
|
||||
|
||||
Signed-off-by: David Michael <fedora.dm0@gmail.com>
|
||||
---
|
||||
src/useradd.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/useradd.c b/src/useradd.c
|
||||
index 39a744ee0..7ea0a9c4d 100644
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -2372,7 +2372,7 @@ static void create_mail (void)
|
||||
if (NULL == spool) {
|
||||
return;
|
||||
}
|
||||
- file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 2);
|
||||
+ file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 3);
|
||||
if (prefix[0])
|
||||
sprintf (file, "%s/%s/%s", prefix, spool, user_name);
|
||||
else
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 24 22:04:41 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
- Add shadow-prefix-overflow.patch:
|
||||
Fix buffer overflow when calling useradd with --prefix
|
||||
See https://github.com/shadow-maint/shadow/pull/588
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 22 13:59:35 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
|
@ -59,6 +59,8 @@ Patch7: shadow-login_defs-suse.patch
|
||||
Patch8: useradd-userkeleton.patch
|
||||
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
|
||||
Patch9: disable_new_audit_function.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-prefix-overflow.patch mvetter@suse.com -- Fix buffer overflow when using --prefix in useradd
|
||||
Patch10: https://github.com/shadow-maint/shadow/commit/eaebea55a495a56317ed85e959b3599f73c6bdf2.patch#/shadow-prefix-overflow.patch
|
||||
BuildRequires: audit-devel > 2.3
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -129,6 +131,7 @@ Development files for libsubid4.
|
||||
%if 0%{?suse_version} < 1330
|
||||
%patch9 -p1
|
||||
%endif
|
||||
%patch10 -p1
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||
|
Loading…
Reference in New Issue
Block a user