packages/cyrus-sasl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!27 [sync] PR-24: 【openEuler-22.03-LTS-Next】Fix CVE-2022-24407

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2022-02-24 09:01:35 +00:00 committed by Gitee
commit 07905d509d
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 87 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch Normal file
View File

@ -0,0 +1,82 @@
From 9eff746c9daecbcc0041b09a5a51ba30738cdcbc Mon Sep 17 00:00:00 2001
From: Klaus Espenlaub <klaus@espenlaub.com>
Date: Tue, 8 Feb 2022 20:34:40 +0000
Subject: [PATCH] CVE-2022-24407 Escape password for SQL insert/update
commands.
Signed-off-by: Klaus Espenlaub <klaus@espenlaub.com>
---
plugins/sql.c | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/plugins/sql.c b/plugins/sql.c
index 31b54a7..6ac81c2 100644
--- a/plugins/sql.c
+++ b/plugins/sql.c
@@ -1151,6 +1151,7 @@ static int sql_auxprop_store(void *glob_context,
char *statement = NULL;
char *escap_userid = NULL;
char *escap_realm = NULL;
+ char *escap_passwd = NULL;
const char *cmd;
sql_settings_t *settings;
@@ -1222,6 +1223,11 @@ static int sql_auxprop_store(void *glob_context,
"Unable to begin transaction\n");
}
for (cur = to_store; ret == SASL_OK && cur->name; cur++) {
+ /* Free the buffer, current content is from previous loop. */
+ if (escap_passwd) {
+ sparams->utils->free(escap_passwd);
+ escap_passwd = NULL;
+ }
if (cur->name[0] == '*') {
continue;
@@ -1243,19 +1249,32 @@ static int sql_auxprop_store(void *glob_context,
}
sparams->utils->free(statement);
+ if (cur->values[0]) {
+ escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1);
+ if (!escap_passwd) {
+ ret = SASL_NOMEM;
+ break;
+ }
+ settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]);
+ }
+
/* create a statement that we will use */
statement = sql_create_statement(cmd, cur->name, escap_userid,
escap_realm,
- cur->values && cur->values[0] ?
- cur->values[0] : SQL_NULL_VALUE,
+ escap_passwd ?
+ escap_passwd : SQL_NULL_VALUE,
sparams->utils);
+ if (!statement) {
+ ret = SASL_NOMEM;
+ break;
+ }
{
char *log_statement =
sql_create_statement(cmd, cur->name,
escap_userid,
escap_realm,
- cur->values && cur->values[0] ?
+ escap_passwd ?
"<omitted>" : SQL_NULL_VALUE,
sparams->utils);
sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
@@ -1288,6 +1307,7 @@ static int sql_auxprop_store(void *glob_context,
done:
if (escap_userid) sparams->utils->free(escap_userid);
if (escap_realm) sparams->utils->free(escap_realm);
+ if (escap_passwd) sparams->utils->free(escap_passwd);
if (conn) settings->sql_engine->sql_close(conn);
if (userid) sparams->utils->free(userid);
if (realm) sparams->utils->free(realm);
--
1.8.3.1

6
cyrus-sasl.spec
View File

@ -6,7 +6,7 @@
Name: cyrus-sasl
Version: 2.1.27
Release: 12
Release: 13
Summary: The Cyrus SASL API Implementation
License: BSD with advertising
@ -18,6 +18,7 @@ Source2: saslauthd.sysconfig
Patch0: 0003-Prevent-double-free-of-RC4-context.patch
Patch1: fix-CVE-2019-19906.patch
Patch2: backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
Patch3: backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
@ -260,6 +261,9 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
%changelog
* Thu Feb 24 2022 yixiangzhike <yixiangzhike007@163.com> - 2.1.27-13
- fix CVE-2022-24407
* Thu Aug 26 2021 panxiaohe <panxiaohe@huawei.com> - 2.1.27-12
- remove with-bdb=db from configure