packages/pam
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!20 Prevent SEGFAULT for unknown UID

Browse Source 
From: @panxh_purple
Reviewed-by: @zhujianwei001
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2020-10-31 17:58:06 +08:00 committed by Gitee
commit 6474ee2d98
2 changed files with 38 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Prevent-SEGFAULT-for-unknown-UID.patch Normal file
View File

@ -0,0 +1,32 @@
From e21fd1f344a67844925ab9a06b0f54299c94b56c Mon Sep 17 00:00:00 2001
From: "Anton D. Kachalov" <rnouse@google.com>
Date: Tue, 29 Sep 2020 23:20:57 +0200
Subject: [PATCH] Prevent SEGFAULT for unknown UID
When running systemd service with DynamicUser being set, the dynamic UID
might be not mapped to user name (/etc/nsswitch.conf is not configured
with systemd nss module).
The getuidname() routine might return NULL and this is not checked by callee.
Signed-off-by: Anton D. Kachalov <rnouse@google.com>
---
modules/pam_unix/unix_chkpwd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index 15a1c2a..3931bab 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -137,7 +137,7 @@ int main(int argc, char *argv[])
user = getuidname(getuid());
/* if the caller specifies the username, verify that user
matches it */
- if (strcmp(user, argv[1])) {
+ if (user == NULL || strcmp(user, argv[1])) {
user = argv[1];
/* no match -> permanently change to the real user and proceed */
if (setuid(getuid()) != 0)
--
1.8.3.1

10
pam.spec
View File

@ -4,7 +4,7 @@
%define _pamconfdir %{_sysconfdir}/pam.d %define _pamconfdir %{_sysconfdir}/pam.d
Name: pam Name: pam
Version: 1.4.0 Version: 1.4.0
Release: 2 Release: 3
Summary: Pluggable Authentication Modules for Linux Summary: Pluggable Authentication Modules for Linux
License: BSD and GPLv2+ License: BSD and GPLv2+
URL: http://www.linux-pam.org/ URL: http://www.linux-pam.org/
@ -24,6 +24,7 @@ Patch2: fix-login-message.patch
Patch3: Move-check_user_in_passwd-from-pam_localuser.c-to-pa.patch Patch3: Move-check_user_in_passwd-from-pam_localuser.c-to-pa.patch
Patch4: pam_faillock-fix-build-on-musl.patch Patch4: pam_faillock-fix-build-on-musl.patch
Patch5: pam_modutil_check_user_in_passwd-avoid-timing-attack.patch Patch5: pam_modutil_check_user_in_passwd-avoid-timing-attack.patch
Patch6: Prevent-SEGFAULT-for-unknown-UID.patch
BuildRequires: autoconf automake libtool bison flex sed cracklib-devel BuildRequires: autoconf automake libtool bison flex sed cracklib-devel
BuildRequires: perl-interpreter pkgconfig gettext-devel libtirpc-devel libnsl2-devel BuildRequires: perl-interpreter pkgconfig gettext-devel libtirpc-devel libnsl2-devel
@ -169,10 +170,11 @@ fi
%changelog %changelog
* Sat Oct 31 2020 panxiaohe <panxiaohe@huawei.com> - 1.4.0-3
- Prevent SEGFAULT for unknown UID
* Fri Sep 25 2020 panxiaohe <panxiaohe@huawei.com> - 1.4.0-2 * Fri Sep 25 2020 panxiaohe <panxiaohe@huawei.com> - 1.4.0-2
- fix the following issue. - backport some patches from upstream
"Current password:" is repeated twice when executing the passwd
command as a normal user and the input password is wrong.
* Fri Jul 24 2020 Liquor <lirui130@huawei.com> - 1.4.0-1 * Fri Jul 24 2020 Liquor <lirui130@huawei.com> - 1.4.0-1
- update to 1.4.0 - update to 1.4.0