sudo: handle glibc 2.17 crypt semantics
Starting from glibc 2.17 the crypt() function will error out and return NULL if the seed or "correct" is invalid. The failure case for this is the sudo user having a locked account in /etc/shadow, so their password is "!", which is an invalid hash. crypt() never returned NULL previously so this is crashing in strcmp(). [ YOCTO #4241 ] (From OE-Core rev: 06d7078f7631b92e8b789f8e94a3a346d8181ce6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
parent
230441f0c8
commit
2d94f1bde7
|
@ -0,0 +1,24 @@
|
|||
Staring from glibc 2.17 the crypt() function will error out and return NULL if
|
||||
the seed or "correct" is invalid. The failure case for this is the sudo user
|
||||
having a locked account in /etc/shadow, so their password is "!", which is an
|
||||
invalid hash. crypt() never returned NULL previously so this is crashing in
|
||||
strcmp().
|
||||
|
||||
Upstream-Status: Pending
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
|
||||
Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c
|
||||
===================================================================
|
||||
--- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c 2013-04-11 15:26:28.456416867 +0100
|
||||
+++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c 2013-04-11 15:31:31.156421718 +0100
|
||||
@@ -96,7 +96,9 @@
|
||||
*/
|
||||
epass = (char *) crypt(pass, pw_epasswd);
|
||||
pass[8] = sav;
|
||||
- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
|
||||
+ if (epass == NULL)
|
||||
+ error = AUTH_FAILURE;
|
||||
+ else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
|
||||
error = strncmp(pw_epasswd, epass, DESLEN);
|
||||
else
|
||||
error = strcmp(pw_epasswd, epass);
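Review bot: The new `epass == NULL` branch stores `AUTH_FAILURE` in `error`, the same variable the two branches below fill with a strncmp()/strcmp() result where 0 means "hashes match", so the rejection only holds if `AUTH_FAILURE` is non-zero and the code after the hunk treats any non-zero `error` as a failed login. Neither the definition of `AUTH_FAILURE` nor the function's return statement is visible in this hunk, so that cannot be confirmed from here. Because this is the path that keeps a locked account ("!" in /etc/shadow) from authenticating, the fail-closed intent should not depend on an enum value; something like `error = 1; /* crypt() returned NULL (invalid or locked hash): never a match */` keeps `error` in the comparison-result domain and documents why. The patch is also marked `Upstream-Status: Pending`, so it is worth re-checking against whatever fix sudo upstream adopts for the NULL return.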
|
|
@ -4,6 +4,7 @@ PR = "r0"
|
|||
|
||||
SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
|
||||
file://libtool.patch \
|
||||
file://crypt.patch \
|
||||
${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
|
||||
|
||||
PAM_SRC_URI = "file://sudo.pam"
|
||||
|
|