[gnome-continuous-yocto/gnomeostree-3.28-rocko: 7253/8267] shadow: fix CVE-2017-12424
- From: Emmanuele Bassi <ebassi src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 7253/8267] shadow: fix CVE-2017-12424
- Date: Sun, 17 Dec 2017 05:59:20 +0000 (UTC)
commit 1f9c9a288494dab303785414b75077b91301d293
Author: Chen Qi <Qi Chen windriver com>
Date: Wed Aug 16 18:28:10 2017 +0800
shadow: fix CVE-2017-12424
Backport a patch to fix CVE-2017-12424.
In shadow before 4.5, the newusers tool could be made to manipulate
internal data structures in ways unintended by the authors.
Reference link: https://nvd.nist.gov/vuln/detail/CVE-2017-12424
CVE: CVE-2017-12424
(From OE-Core rev: 896495d4d2a9751e6e013a3498293b2443d7d809)
Signed-off-by: Chen Qi <Qi Chen windriver com>
Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>
.../shadow/files/0001-shadow-CVE-2017-12424 | 46 ++++++++++++++++++++
meta/recipes-extended/shadow/shadow.inc | 1 +
2 files changed, 47 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
new file mode 100644
index 0000000..4d3e1e0
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
@@ -0,0 +1,46 @@
+From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz fedoraproject org>
+Date: Fri, 31 Mar 2017 16:25:06 +0200
+Subject: [PATCH] Fix buffer overflow if NULL line is present in db.
+
+If ptr->line == NULL for an entry, the first cycle will exit,
+but the second one will happily write past entries buffer.
+We actually do not want to exit the first cycle prematurely
+on ptr->line == NULL.
+Signed-off-by: Tomas Mraz <tmraz fedoraproject org>
+
+CVE: CVE-2017-12424
+Upstream-Status: Backport
+Signed-off-by: Chen Qi <Qi Chen windriver com>
+---
+ lib/commonio.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/commonio.c b/lib/commonio.c
+index b10da06..31edbaa 100644
+--- a/lib/commonio.c
++++ b/lib/commonio.c
+@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
+ for (ptr = db->head;
+ (NULL != ptr)
+ #if KEEP_NIS_AT_END
+- && (NULL != ptr->line)
+- && ( ('+' != ptr->line[0])
+- && ('-' != ptr->line[0]))
++ && ((NULL == ptr->line)
++ || (('+' != ptr->line[0])
++ && ('-' != ptr->line[0])))
+ #endif
+ ;
+ ptr = ptr->next) {
+ n++;
+ }
+ #if KEEP_NIS_AT_END
+- if ((NULL != ptr) && (NULL != ptr->line)) {
++ if (NULL != ptr) {
+ nis = ptr;
+ }
+ #endif
+--
+2.1.0
+
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 5e6b0bd..cc18964 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -16,6 +16,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
file://0001-useradd-copy-extended-attributes-of-home.patch \
+ file://0001-shadow-CVE-2017-12424 \
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
"
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]