rpms / kde-workspace

Clone
Source Code
GIT

Files

  1.   652846e3cb021223739e364462f3e9039a2ddd8b
  2.   SOURCES
  3.   kde-workspace-4.10.5-CVE-2013-4132.patch
Blob Blame History Raw 
From 45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7 Mon Sep 17 00:00:00 2001
From: Michael Pyne <mpyne@kde.org>
Date: Sat, 29 Jun 2013 16:13:20 -0400
Subject: [PATCH 1/6] kdm, kcheckpass: Check for NULL return from crypt(3) and
 friends.

Potential issue noted and fixed by Mancha <mancha1@hush.com>.

Patch reviewed by myself and ossi. Backported to 4.10 by myself.

REVIEW:111261
FIXED-IN:4.10.5
---
 kcheckpass/checkpass_etcpasswd.c   | 3 ++-
 kcheckpass/checkpass_osfc2passwd.c | 3 ++-
 kcheckpass/checkpass_shadow.c      | 2 +-
 kdm/backend/client.c               | 7 +++++--
 4 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/kcheckpass/checkpass_etcpasswd.c b/kcheckpass/checkpass_etcpasswd.c
index 1dbe06f..e261b7c 100644
--- a/kcheckpass/checkpass_etcpasswd.c
+++ b/kcheckpass/checkpass_etcpasswd.c
@@ -35,6 +35,7 @@ AuthReturn Authenticate(const char *method,
 {
   struct passwd *pw;
   char *passwd;
+  char *crpt_passwd;
 
   if (strcmp(method, "classic"))
     return AuthError;
@@ -49,7 +50,7 @@ AuthReturn Authenticate(const char *method,
   if (!(passwd = conv(ConvGetHidden, 0)))
     return AuthAbort;
 
-  if (!strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd))) {
+  if ((crpt_passwd = crypt(passwd, pw->pw_passwd)) && !strcmp(pw->pw_passwd, crpt_passwd)) {
     dispose(passwd);
     return AuthOk; /* Success */
   }
diff --git a/kcheckpass/checkpass_osfc2passwd.c b/kcheckpass/checkpass_osfc2passwd.c
index 9a074f9..d181233 100644
--- a/kcheckpass/checkpass_osfc2passwd.c
+++ b/kcheckpass/checkpass_osfc2passwd.c
@@ -38,6 +38,7 @@ AuthReturn Authenticate(const char *method,
         const char *login, char *(*conv) (ConvRequest, const char *))
 {
   char *passwd;
+  char *crpt_passwd;
   char c2passwd[256];
 
   if (strcmp(method, "classic"))
@@ -52,7 +53,7 @@ AuthReturn Authenticate(const char *method,
   if (!(passwd = conv(ConvGetHidden, 0)))
     return AuthAbort;
 
-  if (!strcmp(c2passwd, osf1c2crypt(passwd, c2passwd))) {
+  if ((crpt_passwd = osf1c2crypt(passwd, c2passwd)) && !strcmp(c2passwd, crpt_passwd)) {
     dispose(passwd);
     return AuthOk; /* Success */
   }
diff --git a/kcheckpass/checkpass_shadow.c b/kcheckpass/checkpass_shadow.c
index ec3a4e0..c0f6913 100644
--- a/kcheckpass/checkpass_shadow.c
+++ b/kcheckpass/checkpass_shadow.c
@@ -69,7 +69,7 @@ AuthReturn Authenticate(const char *method,
   crpt_passwd = crypt(typed_in_password, password);
 #endif
 
-  if (!strcmp(password, crpt_passwd )) {
+  if (crpt_passwd && !strcmp(password, crpt_passwd )) {
     dispose(typed_in_password);
     return AuthOk; /* Success */
   }
diff --git a/kdm/backend/client.c b/kdm/backend/client.c
index bdff6da..26bb0b4 100644
--- a/kdm/backend/client.c
+++ b/kdm/backend/client.c
@@ -540,6 +540,9 @@ verify(GConvFunc gconv, int rootok)
 # if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
     int tim, expir, warntime, quietlog;
 # endif
+# if !defined(ultrix) && !defined(__ultrix__) && (defined(HAVE_PW_ENCRYPT) || defined(HAVE_CRYPT))
+    char *crpt_passwd;
+# endif
 #endif
 
     debug("verify ...\n");
@@ -752,9 +755,9 @@ verify(GConvFunc gconv, int rootok)
 # if defined(ultrix) || defined(__ultrix__)
     if (authenticate_user(p, curpass, 0) < 0)
 # elif defined(HAVE_PW_ENCRYPT)
-    if (strcmp(pw_encrypt(curpass, p->pw_passwd), p->pw_passwd))
+    if (!(crpt_passwd = pw_encrypt(curpass, p->pw_passwd)) || strcmp(crpt_passwd, p->pw_passwd))
 # elif defined(HAVE_CRYPT)
-    if (strcmp(crypt(curpass, p->pw_passwd), p->pw_passwd))
+    if (!(crpt_passwd = crypt(curpass, p->pw_passwd)) || strcmp(crpt_passwd, p->pw_passwd))
 # else
     if (strcmp(curpass, p->pw_passwd))
 # endif
-- 
1.8.3.1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation