diff options
author | Florian Franzmann | 2018-08-19 19:56:55 +0200 |
---|---|---|
committer | Florian Franzmann | 2018-08-20 11:37:07 +0200 |
commit | 29c37330289f3f94fdaf12496bb61146a87e2d41 (patch) | |
tree | 656588f4b0e88a652ebd1f0adb7953ebdd7256ee /xorg-app | |
parent | ee484f641f35fa4ca47c2950c42047509d00e904 (diff) |
xorg-app/xdm: fix possible null-pointer dereference
Diffstat (limited to 'xorg-app')
-rwxr-xr-x | xorg-app/xdm/DETAILS | 1 | ||||
-rw-r--r-- | xorg-app/xdm/HISTORY | 5 | ||||
-rwxr-xr-x | xorg-app/xdm/PRE_BUILD | 1 | ||||
-rw-r--r-- | xorg-app/xdm/xdm-1.1.11-cve-2013-2179.patch | 41 |
4 files changed, 48 insertions, 0 deletions
diff --git a/xorg-app/xdm/DETAILS b/xorg-app/xdm/DETAILS index 1f011fc4bb..0196d92448 100755 --- a/xorg-app/xdm/DETAILS +++ b/xorg-app/xdm/DETAILS @@ -1,5 +1,6 @@ SPELL=xdm VERSION=1.1.11 + PATCHLEVEL=1 SOURCE=$SPELL-$VERSION.tar.bz2 SOURCE_URL[0]=http://xorg.freedesktop.org/releases/individual/app/${SOURCE} SOURCE_HASH=sha512:fe6f2b7817c0f7f07a1f5f497edcdfa15b93986fd87f314daa472dac8625327ef46ebbf40d27fe8d4a8a2f8d5af8a01c4438a29356740e0eb350f2bd0c7ec0d5 diff --git a/xorg-app/xdm/HISTORY b/xorg-app/xdm/HISTORY index cb6cf31f0e..fa17a10f8d 100644 --- a/xorg-app/xdm/HISTORY +++ b/xorg-app/xdm/HISTORY @@ -1,3 +1,8 @@ +2018-08-19 Florian Franzmann <siflfran@hawo.stw.uni-erlangen.de> + * PRE_BUILD, xdm-1.1.11-cve-2013-2179.patch: fix potential null-pointer dereference, + patch from gentoo + * DETAILS: PATCHLEVEL++ + 2018-02-06 Treeve Jelbert <treeve@sourcemage.org> * DEPENDS: use xorgproto diff --git a/xorg-app/xdm/PRE_BUILD b/xorg-app/xdm/PRE_BUILD index 2680a1442c..258c0f695e 100755 --- a/xorg-app/xdm/PRE_BUILD +++ b/xorg-app/xdm/PRE_BUILD @@ -2,6 +2,7 @@ default_pre_build && cd "${SOURCE_DIRECTORY}" && patch -p1 < "${SPELL_DIRECTORY}/0001-use-X-s-default-authentication-mechanism-instead-of-.patch" && +patch -p1 < "${SPELL_DIRECTORY}/xdm-1.1.11-cve-2013-2179.patch" && if [[ $XDM_XCONSOLE == "n" ]]; then patch -p1 < "$SPELL_DIRECTORY/0001-do-not-start-xconsole.patch" diff --git a/xorg-app/xdm/xdm-1.1.11-cve-2013-2179.patch b/xorg-app/xdm/xdm-1.1.11-cve-2013-2179.patch new file mode 100644 index 0000000000..34ae7ceb3c --- /dev/null +++ b/xorg-app/xdm/xdm-1.1.11-cve-2013-2179.patch @@ -0,0 +1,41 @@ +From 8d1eb5c74413e4c9a21f689fc106949b121c0117 Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Wed, 22 May 2013 14:20:26 +0000 +Subject: Handle NULL returns from glibc 2.17+ crypt(). + +Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL +(w/ NULL return) if the salt violates specifications. Additionally, +on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords +passed to crypt() fail with EPERM (w/ NULL return). + +If using glibc's crypt(), check return value to avoid a possible +NULL pointer dereference. + +Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> +Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> +--- +diff --git a/greeter/verify.c b/greeter/verify.c +index db3cb7d..b009e2b 100644 +--- a/greeter/verify.c ++++ b/greeter/verify.c +@@ -329,6 +329,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify) + struct spwd *sp; + # endif + char *user_pass = NULL; ++ char *crypted_pass = NULL; + # endif + # ifdef __OpenBSD__ + char *s; +@@ -464,7 +465,9 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify) + # if defined(ultrix) || defined(__ultrix__) + if (authenticate_user(p, greet->password, NULL) < 0) + # else +- if (strcmp (crypt (greet->password, user_pass), user_pass)) ++ crypted_pass = crypt (greet->password, user_pass); ++ if ((crypted_pass == NULL) ++ || (strcmp (crypted_pass, user_pass))) + # endif + { + if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) { +-- +cgit v0.9.0.2-2-gbebe |