Patch for remote root exploit mentioned at

<URL:http://www.skynet.ie/~airlied/pam_smb/>. This issue has CVE name CAN-2003-0686: <URL:http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0686>
svn path=/head/; revision=87726
2003-08-26 12:57:08 +00:00 · 2003-08-26 12:57:08 +00:00 · 36be5194e9 · 2021-03-31 03:12:20 +00:00
commit 36be5194e9
parent d1b22b4601
2 changed files with 20 additions and 1 deletions
--- a/security/pam_smb/Makefile
+++ b/security/pam_smb/Makefile
@ -6,7 +6,7 @@

 PORTNAME=	pam_smb
 PORTVERSION=	1.9.9
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security
 MASTER_SITES=   http://www.csn.ul.ie/~airlied/pam_smb/devel/

--- a/security/pam_smb/files/patch-smbval::smblib.c
+++ b/security/pam_smb/files/patch-smbval::smblib.c
@ -0,0 +1,19 @@
+*** smbval/smblib.c.orig	Sat Aug 16 09:42:32 2003
+--- smbval/smblib.c	Sat Aug 16 09:43:34 2003
+***************
+*** 338,344 ****
+  
+    }
+  
+!   strcpy(pword, PassWord);
+  #ifdef PAM_SMB_ENC_PASS
+    if (Con_Handle -> encrypt_passwords)
+    {
+--- 338,344 ----
+  
+    }
+  
+!   (void)strlcpy(pword, PassWord, sizeof(pword));
+  #ifdef PAM_SMB_ENC_PASS
+    if (Con_Handle -> encrypt_passwords)
+    {