diff --git a/shadow-prefix-overflow.patch b/shadow-prefix-overflow.patch new file mode 100644 index 0000000..b3cb0ee --- /dev/null +++ b/shadow-prefix-overflow.patch @@ -0,0 +1,25 @@ +From eaebea55a495a56317ed85e959b3599f73c6bdf2 Mon Sep 17 00:00:00 2001 +From: David Michael +Date: Sun, 23 Oct 2022 18:51:33 -0400 +Subject: [PATCH] useradd: Fix buffer overflow when using a prefix + +The buffer length did not count the string's trailing null byte. + +Signed-off-by: David Michael +--- + src/useradd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/useradd.c b/src/useradd.c +index 39a744ee0..7ea0a9c4d 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -2372,7 +2372,7 @@ static void create_mail (void) + if (NULL == spool) { + return; + } +- file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 2); ++ file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 3); + if (prefix[0]) + sprintf (file, "%s/%s/%s", prefix, spool, user_name); + else diff --git a/shadow.changes b/shadow.changes index 1315405..b5a6732 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Oct 24 22:04:41 UTC 2022 - Michael Vetter + +- Add shadow-prefix-overflow.patch: + Fix buffer overflow when calling useradd with --prefix + See https://github.com/shadow-maint/shadow/pull/588 + ------------------------------------------------------------------- Mon Aug 22 13:59:35 UTC 2022 - Michael Vetter diff --git a/shadow.spec b/shadow.spec index 39dcd47..2d9761a 100644 --- a/shadow.spec +++ b/shadow.spec @@ -59,6 +59,8 @@ Patch7: shadow-login_defs-suse.patch Patch8: useradd-userkeleton.patch # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions. Patch9: disable_new_audit_function.patch +# PATCH-FIX-UPSTREAM shadow-prefix-overflow.patch mvetter@suse.com -- Fix buffer overflow when using --prefix in useradd +Patch10: https://github.com/shadow-maint/shadow/commit/eaebea55a495a56317ed85e959b3599f73c6bdf2.patch#/shadow-prefix-overflow.patch BuildRequires: audit-devel > 2.3 BuildRequires: autoconf BuildRequires: automake @@ -129,6 +131,7 @@ Development files for libsubid4. %if 0%{?suse_version} < 1330 %patch9 -p1 %endif +%patch10 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO