Fix CVE 2022-1049
This commit is contained in:
bizhiyuan
parent
cac631e9a6
commit
d3176995fe
56
Fix-CVE-2022-1049.patch
Normal file
56
Fix-CVE-2022-1049.patch
Normal file
@ -0,0 +1,56 @@
|
||||
From 32d90eab80ee957350c4c218ecf7ed5ac7efc7d0 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Thu, 19 Oct 2023 16:54:43 +0800
|
||||
Subject: [PATCH] FIX CVE-2022-1049
|
||||
|
||||
---
|
||||
CHANGELOG.md | 4 +++-
|
||||
pcs/daemon/auth.py | 3 +++
|
||||
2 files changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/CHANGELOG.md b/CHANGELOG.md
|
||||
index 7949064..c6007ac 100644
|
||||
--- a/CHANGELOG.md
|
||||
+++ b/CHANGELOG.md
|
||||
@@ -17,7 +17,8 @@
|
||||
cluster cib-upgrade` manually is not needed ([rhbz#2022463])
|
||||
- Fix displaying differences between configuration checkpoints in
|
||||
`pcs config checkpoint diff` command ([rhbz#2175881])
|
||||
-
|
||||
+- Pcs daemon was allowing expired accounts, and accounts with expired
|
||||
+ passwords to login when using PAM auth. ([huntr#220307])
|
||||
|
||||
[ghissue#441]: https://github.com/ClusterLabs/pcs/issues/441
|
||||
[ghpull#431]: https://github.com/ClusterLabs/pcs/pull/431
|
||||
@@ -28,6 +29,7 @@
|
||||
[rhbz#2033248]: https://bugzilla.redhat.com/show_bug.cgi?id=2033248
|
||||
[rhbz#2036633]: https://bugzilla.redhat.com/show_bug.cgi?id=2036633
|
||||
[rhbz#2175881]: https://bugzilla.redhat.com/show_bug.cgi?id=2175881
|
||||
+[huntr#220307]: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5/
|
||||
|
||||
## [0.11.1] - 2021-11-30
|
||||
|
||||
diff --git a/pcs/daemon/auth.py b/pcs/daemon/auth.py
|
||||
index 592aa63..1ae2ed2 100644
|
||||
--- a/pcs/daemon/auth.py
|
||||
+++ b/pcs/daemon/auth.py
|
||||
@@ -52,6 +52,7 @@ libpam = CDLL(find_library("pam"))
|
||||
strdup = prep_fn(libc.strdup, POINTER(c_char), [c_char_p])
|
||||
calloc = prep_fn(libc.calloc, c_void_p, [c_uint, c_uint])
|
||||
pam_authenticate = prep_fn(libpam.pam_authenticate, c_int, [pam_handle, c_int])
|
||||
+pam_acct_mgmt = prep_fn(libpam.pam_acct_mgmt, c_int, [pam_handle, c_int])
|
||||
pam_end = prep_fn(libpam.pam_end, c_int, [pam_handle, c_int])
|
||||
pam_start = prep_fn(
|
||||
libpam.pam_start,
|
||||
@@ -90,6 +91,8 @@ def authenticate_by_pam(username, password):
|
||||
)
|
||||
if returncode == PAM_SUCCESS:
|
||||
returncode = pam_authenticate(pamh, 0)
|
||||
+ if returncode == PAM_SUCCESS:
|
||||
+ returncode = pam_acct_mgmt(pamh, 0)
|
||||
pam_end(pamh, returncode)
|
||||
return returncode == PAM_SUCCESS
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
||||
6
pcs.spec
6
pcs.spec
@ -1,6 +1,6 @@
|
||||
Name: pcs
|
||||
Version: 0.11.2
|
||||
Release: 6
|
||||
Release: 7
|
||||
License: GPLv2 and BSD-2-Clause and ASL 2.0 and MIT
|
||||
URL: https://github.com/ClusterLabs/pcs
|
||||
Summary: Pacemaker Configuration System
|
||||
@ -46,6 +46,7 @@ Patch6: fix-pcs-config-checkpoint-diff-command.patch
|
||||
#https://github.com/ClusterLabs/pcs/pull/522
|
||||
Patch7: fix-pcs-quorum-device-remove.patch
|
||||
Patch8: tests-fix-datetime-race-condition.patch
|
||||
Patch9: Fix-CVE-2022-1049.patch
|
||||
|
||||
# git for patches
|
||||
BuildRequires: git-core
|
||||
@ -409,6 +410,9 @@ run_all_tests
|
||||
%license pyagentx_LICENSE.txt
|
||||
|
||||
%changelog
|
||||
* Thu Oct 19 2023 bizhiyuan <bizhiyuan@kylinos.cn> - 0.11.2-7
|
||||
- Fix CVE-2022-1049
|
||||
|
||||
* Wed Sep 06 2023 bizhiyuan <bizhiyuan@kylinos.cn> - 0.11.2-6
|
||||
- fix datetime race condition
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user