packages/pam
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2024-22365

Browse Source
This commit is contained in:
zhangruifang2020 2024-01-24 10:49:55 +08:00
parent aaad15d19d
commit 44c13dab41
2 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
backport-CVE-2024-22365-pam_namespace-protect_dir-use-O_DIRECTORY-to-prevent.patch Normal file
View File

@ -0,0 +1,58 @@
From 031bb5a5d0d950253b68138b498dc93be69a64cb Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Wed, 27 Dec 2023 14:01:59 +0100
Subject: [PATCH] pam_namespace: protect_dir(): use O_DIRECTORY to prevent
local DoS situations
Without O_DIRECTORY the path crawling logic is subject to e.g. FIFOs
being placed in user controlled directories, causing the PAM module to
block indefinitely during `openat()`.
Pass O_DIRECTORY to cause the `openat()` to fail if the path does not
refer to a directory.
With this the check whether the final path element is a directory
becomes unnecessary, drop it.
---
modules/pam_namespace/pam_namespace.c | 18 +-----------------
1 file changed, 1 insertion(+), 17 deletions(-)
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index 2528cff8..f72d6718 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -1201,7 +1201,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir,
int dfd = AT_FDCWD;
int dfd_next;
int save_errno;
- int flags = O_RDONLY;
+ int flags = O_RDONLY | O_DIRECTORY;
int rv = -1;
struct stat st;
@@ -1255,22 +1255,6 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir,
rv = openat(dfd, dir, flags);
}
- if (rv != -1) {
- if (fstat(rv, &st) != 0) {
- save_errno = errno;
- close(rv);
- rv = -1;
- errno = save_errno;
- goto error;
- }
- if (!S_ISDIR(st.st_mode)) {
- close(rv);
- errno = ENOTDIR;
- rv = -1;
- goto error;
- }
- }
-
if (flags & O_NOFOLLOW) {
/* we are inside user-owned dir - protect */
if (protect_mount(rv, p, idata) == -1) {
--
2.33.0

6
pam.spec
View File

@ -4,7 +4,7 @@
%define _pamconfdir %{_sysconfdir}/pam.d
Name: pam
Version: 1.5.3
Release: 1
Release: 2
Summary: Pluggable Authentication Modules for Linux
License: BSD and GPLv2+
URL: http://www.linux-pam.org/
@ -21,6 +21,7 @@ Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
Provides: %{name}-sm3 = %{version}-%{release}
Patch1: bugfix-pam-1.1.8-faillock-systemtime.patch
Patch2: backport-CVE-2024-22365-pam_namespace-protect_dir-use-O_DIRECTORY-to-prevent.patch
Patch9000:change-ndbm-to-gdbm.patch
Patch9001:add-sm3-crypt-support.patch
@ -179,6 +180,9 @@ fi
%changelog
* Wed Jan 24 2024 zhangruifang <zhangruifang1@h-partners.com> - 1.5.3-2
- fix CVE-2024-22365
* Fri Jul 14 2023 dongyuzhen <dongyuzhen@h-partners.com> - 1.5.3-1
- upgrade version to 1.5.3