forked from pool/shadow
- Add shadow-prefix-overflow.patch:
Fix buffer overflow when calling useradd with --prefix See https://github.com/shadow-maint/shadow/pull/588 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=127
This commit is contained in:
parent
2fcb52ebdf
commit
30472fc2d8
25
shadow-prefix-overflow.patch
Normal file
25
shadow-prefix-overflow.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
From eaebea55a495a56317ed85e959b3599f73c6bdf2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Michael <fedora.dm0@gmail.com>
|
||||||
|
Date: Sun, 23 Oct 2022 18:51:33 -0400
|
||||||
|
Subject: [PATCH] useradd: Fix buffer overflow when using a prefix
|
||||||
|
|
||||||
|
The buffer length did not count the string's trailing null byte.
|
||||||
|
|
||||||
|
Signed-off-by: David Michael <fedora.dm0@gmail.com>
|
||||||
|
---
|
||||||
|
src/useradd.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/useradd.c b/src/useradd.c
|
||||||
|
index 39a744ee0..7ea0a9c4d 100644
|
||||||
|
--- a/src/useradd.c
|
||||||
|
+++ b/src/useradd.c
|
||||||
|
@@ -2372,7 +2372,7 @@ static void create_mail (void)
|
||||||
|
if (NULL == spool) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
- file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 2);
|
||||||
|
+ file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 3);
|
||||||
|
if (prefix[0])
|
||||||
|
sprintf (file, "%s/%s/%s", prefix, spool, user_name);
|
||||||
|
else
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Oct 24 22:04:41 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
||||||
|
|
||||||
|
- Add shadow-prefix-overflow.patch:
|
||||||
|
Fix buffer overflow when calling useradd with --prefix
|
||||||
|
See https://github.com/shadow-maint/shadow/pull/588
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Aug 22 13:59:35 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
Mon Aug 22 13:59:35 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
||||||
|
|
||||||
|
@ -59,6 +59,8 @@ Patch7: shadow-login_defs-suse.patch
|
|||||||
Patch8: useradd-userkeleton.patch
|
Patch8: useradd-userkeleton.patch
|
||||||
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
|
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
|
||||||
Patch9: disable_new_audit_function.patch
|
Patch9: disable_new_audit_function.patch
|
||||||
|
# PATCH-FIX-UPSTREAM shadow-prefix-overflow.patch mvetter@suse.com -- Fix buffer overflow when using --prefix in useradd
|
||||||
|
Patch10: https://github.com/shadow-maint/shadow/commit/eaebea55a495a56317ed85e959b3599f73c6bdf2.patch#/shadow-prefix-overflow.patch
|
||||||
BuildRequires: audit-devel > 2.3
|
BuildRequires: audit-devel > 2.3
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -129,6 +131,7 @@ Development files for libsubid4.
|
|||||||
%if 0%{?suse_version} < 1330
|
%if 0%{?suse_version} < 1330
|
||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%endif
|
%endif
|
||||||
|
%patch10 -p1
|
||||||
|
|
||||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||||
|
Loading…
Reference in New Issue
Block a user