fix CVE-2024-58250
This commit is contained in:
eaglegai
parent
af2145715b
commit
68e3b41921
190
backport-CVE-2024-58250.patch
Normal file
190
backport-CVE-2024-58250.patch
Normal file
@ -0,0 +1,190 @@
|
||||
From 0a66ad22e54c72690ec2a29a019767c55c5281fc Mon Sep 17 00:00:00 2001
|
||||
From: Paul Mackerras <paulus@ozlabs.org>
|
||||
Date: Fri, 18 Oct 2024 20:22:57 +1100
|
||||
Subject: [PATCH] pppd: Remove passprompt plugin
|
||||
|
||||
This is prompted by a number of factors:
|
||||
|
||||
* It was more useful back in the dial-up days, but no-one uses dial-up
|
||||
any more
|
||||
|
||||
* In many cases there will be no terminal accessible to the prompter
|
||||
program at the point where the prompter is run
|
||||
|
||||
* The passwordfd plugin does much the same thing but does it more
|
||||
cleanly and securely
|
||||
|
||||
* The handling of privileges and file descriptors needs to be audited
|
||||
thoroughly.
|
||||
|
||||
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
|
||||
---
|
||||
pppd/plugins/Makefile.am | 6 +-
|
||||
pppd/plugins/passprompt.c | 137 --------------------------------------
|
||||
2 files changed, 1 insertion(+), 142 deletions(-)
|
||||
delete mode 100644 pppd/plugins/passprompt.c
|
||||
|
||||
diff --git a/pppd/plugins/Makefile.am b/pppd/plugins/Makefile.am
|
||||
index 2826148c7..9480d51b4 100644
|
||||
--- a/pppd/plugins/Makefile.am
|
||||
+++ b/pppd/plugins/Makefile.am
|
||||
@@ -1,4 +1,4 @@
|
||||
-pppd_plugin_LTLIBRARIES = minconn.la passprompt.la passwordfd.la winbind.la
|
||||
+pppd_plugin_LTLIBRARIES = minconn.la passwordfd.la winbind.la
|
||||
pppd_plugindir = $(PPPD_PLUGIN_DIR)
|
||||
|
||||
PLUGIN_CPPFLAGS = -I${top_srcdir}
|
||||
@@ -8,10 +8,6 @@ minconn_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
|
||||
minconn_la_LDFLAGS = $(PLUGIN_LDFLAGS)
|
||||
minconn_la_SOURCES = minconn.c
|
||||
|
||||
-passprompt_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
|
||||
-passprompt_la_LDFLAGS = $(PLUGIN_LDFLAGS)
|
||||
-passprompt_la_SOURCES = passprompt.c
|
||||
-
|
||||
passwordfd_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
|
||||
passwordfd_la_LDFLAGS = $(PLUGIN_LDFLAGS)
|
||||
passwordfd_la_SOURCES = passwordfd.c
|
||||
diff --git a/pppd/plugins/passprompt.c b/pppd/plugins/passprompt.c
|
||||
deleted file mode 100644
|
||||
index 7779d511d..000000000
|
||||
--- a/pppd/plugins/passprompt.c
|
||||
+++ /dev/null
|
||||
@@ -1,137 +0,0 @@
|
||||
-/*
|
||||
- * passprompt.c - pppd plugin to invoke an external PAP password prompter
|
||||
- *
|
||||
- * Copyright 1999 Paul Mackerras, Alan Curry.
|
||||
- *
|
||||
- * This program is free software; you can redistribute it and/or
|
||||
- * modify it under the terms of the GNU General Public License
|
||||
- * as published by the Free Software Foundation; either version
|
||||
- * 2 of the License, or (at your option) any later version.
|
||||
- */
|
||||
-
|
||||
-#include <errno.h>
|
||||
-#include <unistd.h>
|
||||
-#include <sys/wait.h>
|
||||
-#include <sys/param.h>
|
||||
-#include <limits.h>
|
||||
-#include <stdio.h>
|
||||
-#include <syslog.h>
|
||||
-#include <stdarg.h>
|
||||
-#include <stdint.h>
|
||||
-#include <stdbool.h>
|
||||
-#include <string.h>
|
||||
-
|
||||
-#include <pppd/pppd.h>
|
||||
-#include <pppd/upap.h>
|
||||
-#include <pppd/eap.h>
|
||||
-#include <pppd/options.h>
|
||||
-
|
||||
-char pppd_version[] = PPPD_VERSION;
|
||||
-
|
||||
-static char promptprog[PATH_MAX+1];
|
||||
-static int promptprog_refused = 0;
|
||||
-
|
||||
-static struct option options[] = {
|
||||
- { "promptprog", o_string, promptprog,
|
||||
- "External PAP password prompting program",
|
||||
- OPT_STATIC, NULL, PATH_MAX },
|
||||
- { NULL }
|
||||
-};
|
||||
-
|
||||
-static int promptpass(char *user, char *passwd)
|
||||
-{
|
||||
- int p[2];
|
||||
- pid_t kid;
|
||||
- int readgood, wstat, ret;
|
||||
- ssize_t red;
|
||||
-
|
||||
- if (promptprog_refused || promptprog[0] == 0 || access(promptprog, X_OK) < 0)
|
||||
- return -1; /* sorry, can't help */
|
||||
-
|
||||
- if (!passwd)
|
||||
- return 1;
|
||||
-
|
||||
- if (pipe(p)) {
|
||||
- warn("Can't make a pipe for %s", promptprog);
|
||||
- return 0;
|
||||
- }
|
||||
- if ((kid = fork()) == (pid_t) -1) {
|
||||
- warn("Can't fork to run %s", promptprog);
|
||||
- close(p[0]);
|
||||
- close(p[1]);
|
||||
- return 0;
|
||||
- }
|
||||
- if (!kid) {
|
||||
- /* we are the child, exec the program */
|
||||
- char *argv[5], fdstr[32];
|
||||
- ppp_sys_close();
|
||||
- closelog();
|
||||
- close(p[0]);
|
||||
- ret = seteuid(getuid());
|
||||
- if (ret != 0) {
|
||||
- warn("Couldn't set effective user id");
|
||||
- }
|
||||
- ret = setegid(getgid());
|
||||
- if (ret != 0) {
|
||||
- warn("Couldn't set effective user id");
|
||||
- }
|
||||
- sprintf(fdstr, "%d", p[1]);
|
||||
- argv[0] = promptprog;
|
||||
- argv[1] = strdup(user);
|
||||
- argv[2] = strdup(ppp_remote_name());
|
||||
- argv[3] = fdstr;
|
||||
- argv[4] = 0;
|
||||
- execv(*argv, argv);
|
||||
- _exit(127);
|
||||
- }
|
||||
-
|
||||
- /* we are the parent, read the password from the pipe */
|
||||
- close(p[1]);
|
||||
- readgood = 0;
|
||||
- do {
|
||||
- red = read(p[0], passwd + readgood, MAXSECRETLEN-1 - readgood);
|
||||
- if (red == 0)
|
||||
- break;
|
||||
- if (red < 0) {
|
||||
- if (errno == EINTR && !ppp_signaled(SIGTERM))
|
||||
- continue;
|
||||
- error("Can't read secret from %s: %m", promptprog);
|
||||
- readgood = -1;
|
||||
- break;
|
||||
- }
|
||||
- readgood += red;
|
||||
- } while (readgood < MAXSECRETLEN - 1);
|
||||
- close(p[0]);
|
||||
-
|
||||
- /* now wait for child to exit */
|
||||
- while (waitpid(kid, &wstat, 0) < 0) {
|
||||
- if (errno != EINTR || ppp_signaled(SIGTERM)) {
|
||||
- warn("error waiting for %s: %m", promptprog);
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- if (readgood < 0)
|
||||
- return 0;
|
||||
- passwd[readgood] = 0;
|
||||
- if (!WIFEXITED(wstat))
|
||||
- warn("%s terminated abnormally", promptprog);
|
||||
- if (WEXITSTATUS(wstat)) {
|
||||
- warn("%s exited with code %d", promptprog, WEXITSTATUS(wstat));
|
||||
- /* code when cancel was hit in the prompt prog */
|
||||
- if (WEXITSTATUS(wstat) == 128) {
|
||||
- promptprog_refused = 1;
|
||||
- }
|
||||
- return -1;
|
||||
- }
|
||||
- return 1;
|
||||
-}
|
||||
-
|
||||
-void plugin_init(void)
|
||||
-{
|
||||
- ppp_add_options(options);
|
||||
- pap_passwd_hook = promptpass;
|
||||
-#ifdef PPP_WITH_EAPTLS
|
||||
- eaptls_passwd_hook = promptpass;
|
||||
-#endif
|
||||
-}
|
||||
9
ppp.spec
9
ppp.spec
@ -1,6 +1,6 @@
|
||||
Name: ppp
|
||||
Version: 2.5.0
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: The Point-to-Point Protocol
|
||||
|
||||
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
|
||||
@ -38,6 +38,7 @@ Patch0009: refuse-pap-by-default-for-security.patch
|
||||
|
||||
Patch0010: backport-Fixing-up-parsing-in-radiusclient.conf.patch
|
||||
Patch0011: backport-Add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch
|
||||
Patch0012: backport-CVE-2024-58250.patch
|
||||
|
||||
%description
|
||||
The Point-to-Point Protocol (PPP) provides a standard way to establish
|
||||
@ -141,6 +142,12 @@ mkdir -p %{buildroot}%{_rundir}/pppd/lock
|
||||
%{_mandir}/man8/*.8.gz
|
||||
|
||||
%changelog
|
||||
* Tue Apr 29 2025 gaihuiying <eaglegai@163.com> - 2.5.0-5
|
||||
- Type:CVE
|
||||
- CVE:CVE-2024-58250
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2024-58250
|
||||
|
||||
* Fri Feb 14 2025 gaihuiying <eaglegai@163.com> - 2.5.0-4
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user