apply security patch for CVE-2014-3879 which fixes an incorrect error
handling in PAM policy parser http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc
This commit is contained in:
parent
68d1fbeda9
commit
092a3bc3d8
@ -1,4 +1,4 @@
|
||||
# $OpenBSD: Makefile,v 1.3 2013/03/11 11:41:26 espie Exp $
|
||||
# $OpenBSD: Makefile,v 1.4 2014/06/04 08:50:08 robert Exp $
|
||||
|
||||
SHARED_ONLY= Yes
|
||||
|
||||
@ -7,7 +7,7 @@ COMMENT= Pluggable Authentication Module
|
||||
V= 20121009
|
||||
DISTNAME= freebsd_pam-${V}
|
||||
PKGNAME= openpam-${V}
|
||||
REVISION= 0
|
||||
REVISION= 1
|
||||
|
||||
CATEGORIES= security
|
||||
|
||||
|
127
security/openpam/patches/patch-openpam_lib_openpam_configure_c
Normal file
127
security/openpam/patches/patch-openpam_lib_openpam_configure_c
Normal file
@ -0,0 +1,127 @@
|
||||
$OpenBSD: patch-openpam_lib_openpam_configure_c,v 1.1 2014/06/04 08:50:08 robert Exp $
|
||||
|
||||
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc
|
||||
|
||||
--- openpam/lib/openpam_configure.c.orig Mon Sep 24 11:02:49 2012
|
||||
+++ openpam/lib/openpam_configure.c Wed Jun 4 10:46:14 2014
|
||||
@@ -1,6 +1,6 @@
|
||||
/*-
|
||||
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
|
||||
- * Copyright (c) 2004-2012 Dag-Erling Smørgrav
|
||||
+ * Copyright (c) 2004-2014 Dag-Erling Smørgrav
|
||||
* All rights reserved.
|
||||
*
|
||||
* This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||
@@ -194,6 +194,7 @@ openpam_parse_chain(pam_handle_t *pamh,
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid facility",
|
||||
filename, lineno);
|
||||
+ errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
if (facility != fclt && facility != PAM_FACILITY_ANY) {
|
||||
@@ -209,18 +210,28 @@ openpam_parse_chain(pam_handle_t *pamh,
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid service name",
|
||||
filename, lineno);
|
||||
+ errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
if (wordv[i] != NULL) {
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): garbage at end of line",
|
||||
filename, lineno);
|
||||
+ errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
ret = openpam_load_chain(pamh, servicename, fclt);
|
||||
FREEV(wordc, wordv);
|
||||
- if (ret < 0)
|
||||
+ if (ret < 0) {
|
||||
+ /*
|
||||
+ * Bogus errno, but this ensures that the
|
||||
+ * outer loop does not just ignore the
|
||||
+ * error and keep searching.
|
||||
+ */
|
||||
+ if (errno == ENOENT)
|
||||
+ errno = EINVAL;
|
||||
goto fail;
|
||||
+ }
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -230,6 +241,7 @@ openpam_parse_chain(pam_handle_t *pamh,
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid control flag",
|
||||
filename, lineno);
|
||||
+ errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@@ -239,6 +251,7 @@ openpam_parse_chain(pam_handle_t *pamh,
|
||||
openpam_log(PAM_LOG_ERROR,
|
||||
"%s(%d): missing or invalid module name",
|
||||
filename, lineno);
|
||||
+ errno = EINVAL;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@@ -248,8 +261,11 @@ openpam_parse_chain(pam_handle_t *pamh,
|
||||
this->flag = ctlf;
|
||||
|
||||
/* load module */
|
||||
- if ((this->module = openpam_load_module(modulename)) == NULL)
|
||||
+ if ((this->module = openpam_load_module(modulename)) == NULL) {
|
||||
+ if (errno == ENOENT)
|
||||
+ errno = ENOEXEC;
|
||||
goto fail;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* The remaining items in wordv are the module's
|
||||
@@ -282,7 +298,11 @@ openpam_parse_chain(pam_handle_t *pamh,
|
||||
* The loop ended because openpam_readword() returned NULL, which
|
||||
* can happen for four different reasons: an I/O error (ferror(f)
|
||||
* is true), a memory allocation failure (ferror(f) is false,
|
||||
- * errno is non-zero)
|
||||
+ * feof(f) is false, errno is non-zero), the file ended with an
|
||||
+ * unterminated quote or backslash escape (ferror(f) is false,
|
||||
+ * feof(f) is true, errno is non-zero), or the end of the file was
|
||||
+ * reached without error (ferror(f) is false, feof(f) is true,
|
||||
+ * errno is zero).
|
||||
*/
|
||||
if (ferror(f) || errno != 0)
|
||||
goto syserr;
|
||||
@@ -411,6 +431,9 @@ openpam_load_chain(pam_handle_t *pamh,
|
||||
}
|
||||
ret = openpam_load_file(pamh, service, facility,
|
||||
filename, style);
|
||||
+ /* success */
|
||||
+ if (ret > 0)
|
||||
+ RETURNN(ret);
|
||||
/* the file exists, but an error occurred */
|
||||
if (ret == -1 && errno != ENOENT)
|
||||
RETURNN(ret);
|
||||
@@ -420,7 +443,8 @@ openpam_load_chain(pam_handle_t *pamh,
|
||||
}
|
||||
|
||||
/* no hit */
|
||||
- RETURNN(0);
|
||||
+ errno = ENOENT;
|
||||
+ RETURNN(-1);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -441,8 +465,10 @@ openpam_configure(pam_handle_t *pamh,
|
||||
openpam_log(PAM_LOG_ERROR, "invalid service name");
|
||||
RETURNC(PAM_SYSTEM_ERR);
|
||||
}
|
||||
- if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
|
||||
- goto load_err;
|
||||
+ if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) {
|
||||
+ if (errno != ENOENT)
|
||||
+ goto load_err;
|
||||
+ }
|
||||
for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
|
||||
if (pamh->chains[fclt] != NULL)
|
||||
continue;
|
Loading…
Reference in New Issue
Block a user