From 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Mon, 4 Nov 2013 17:08:47 +0000 Subject: Slackware 14.1 Mon Nov 4 17:08:47 UTC 2013 Slackware 14.1 x86_64 stable is released! It's been another interesting release cycle here at Slackware bringing new features like support for UEFI machines, updated compilers and development tools, the switch from MySQL to MariaDB, and many more improvements throughout the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-) --- source/ap/screen/screen.SlackBuild | 7 ++- source/ap/screen/screen.crypt.diff | 126 +++++++++++++++++++++++++++++++++++++ 2 files changed, 131 insertions(+), 2 deletions(-) create mode 100644 source/ap/screen/screen.crypt.diff (limited to 'source/ap/screen') diff --git a/source/ap/screen/screen.SlackBuild b/source/ap/screen/screen.SlackBuild index 29ad8c69..b182233c 100755 --- a/source/ap/screen/screen.SlackBuild +++ b/source/ap/screen/screen.SlackBuild @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2008, 2009, 2010, 2011 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2008, 2009, 2010, 2011, 2013 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -21,7 +21,7 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. VERSION=${VERSION:-4.0.3} -BUILD=${BUILD:-3} +BUILD=${BUILD:-4} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -58,6 +58,9 @@ cd screen-$VERSION || exit 1 # Increase the size of the termname buffer from 20 to 63: zcat $CWD/screen.d_termname.envterm.buffersizeincrease.diff.gz | patch -p1 --verbose || exit 1 +# Patch for newer glibc that might return NULL from crypt(): +zcat $CWD/screen.crypt.diff.gz | patch -p2 --verbose || exit 1 + chown -R root:root . find . \ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ diff --git a/source/ap/screen/screen.crypt.diff b/source/ap/screen/screen.crypt.diff new file mode 100644 index 00000000..2c80efbb --- /dev/null +++ b/source/ap/screen/screen.crypt.diff @@ -0,0 +1,126 @@ +From cbaa666d4f21988164068a38ac915f8b4f3c4da3 Mon Sep 17 00:00:00 2001 +From: Sadrul Habib Chowdhury +Date: Sat, 15 Sep 2012 03:40:23 +0000 +Subject: Guard against NULL returns from crypt(). + +crypt() can return NULL on an error. Make sure these nulls are +handled properly instead of crashing. The fix is thanks to a patch +from Lukás Nykrýn . +--- +diff --git a/src/acls.c b/src/acls.c +index e728bb8..2f8c809 100644 +--- a/src/acls.c ++++ b/src/acls.c +@@ -455,6 +455,16 @@ int recursive; + return gp; /* *gp is NULL */ + } + ++static int ++PasswordMatches(pw, password) ++const char *pw, *password; ++{ ++ if (!*password) ++ return 0; ++ char *buf = crypt(pw, password); ++ return (buf && !strcmp(buf, password)); ++} ++ + /* + * Returns nonzero if failed or already linked. + * Both users are created on demand. +@@ -544,8 +554,7 @@ char *name, *pw1, *pw2; + + if (pw2 && *pw2 && *pw2 != '\377') /* provided a system password */ + { +- if (!*pass || /* but needed none */ +- strcmp(crypt(pw2, pass), pass)) ++ if (!PasswordMatches(pw2, pass)) + { + debug("System password mismatch\n"); + sorry++; +@@ -554,11 +563,10 @@ char *name, *pw1, *pw2; + else /* no pasword provided */ + if (*pass) /* but need one */ + sorry++; +-#endif ++#endif /* CHECKLOGIN */ + if (pw1 && *pw1 && *pw1 != '\377') /* provided a screen password */ + { +- if (!*u->u_password || /* but needed none */ +- strcmp(crypt(pw1, u->u_password), u->u_password)) ++ if (!PasswordMatches(pw1, u->u_password)) + { + debug("screen password mismatch\n"); + sorry++; +diff --git a/src/attacher.c b/src/attacher.c +index 370d594..4e496be 100644 +--- a/src/attacher.c ++++ b/src/attacher.c +@@ -882,6 +882,12 @@ screen_builtin_lck() + salt[1] = 'A' + (int)((time(0) >> 6) % 26); + salt[2] = 0; + pass = crypt(mypass, salt); ++ if (!pass) ++ { ++ fprintf(stderr, "crypt() error.\007\n"); ++ sleep(2); ++ return; ++ } + pass = ppp->pw_passwd = SaveStr(pass); + } + #endif +@@ -924,7 +930,8 @@ screen_builtin_lck() + if (pam_error == PAM_SUCCESS) + break; + #else +- if (!strncmp(crypt(cp1, pass), pass, strlen(pass))) ++ char *buf = crypt(cp1, pass); ++ if (buf && !strncmp(buf, pass, strlen(pass))) + break; + #endif + debug("screen_builtin_lck: NO!!!!!\n"); +diff --git a/src/process.c b/src/process.c +index bdf9355..30497a3 100644 +--- a/src/process.c ++++ b/src/process.c +@@ -6360,6 +6360,12 @@ char *data; + buf = crypt(u->u_password, salt); + bzero(u->u_password, strlen(u->u_password)); + free((char *)u->u_password); ++ if (!buf) ++ { ++ Msg(0, "[ crypt() error - no secure ]"); ++ u->u_password = NullStr; ++ return; ++ } + u->u_password = SaveStr(buf); + bzero(buf, strlen(buf)); + #ifdef COPY_PASTE +diff --git a/src/socket.c b/src/socket.c +index 8f9a315..a7755a4 100644 +--- a/src/socket.c ++++ b/src/socket.c +@@ -1565,13 +1565,18 @@ int ilen; + c = *(unsigned char *)ibuf++; + if (c == '\r' || c == '\n') + { ++ char *buf = NULL; + up = D_user->u_password; + pwdata->buf[l] = 0; +- if (strncmp(crypt(pwdata->buf, up), up, strlen(up))) ++ buf = crypt(pwdata->buf, up); ++ if (!buf || strncmp(buf, up, strlen(up))) + { + /* uh oh, user failed */ + bzero(pwdata->buf, sizeof(pwdata->buf)); +- AddStr("\r\nPassword incorrect.\r\n"); ++ if (!buf) ++ AddStr("\r\ncrypt() failed.\r\n"); ++ else ++ AddStr("\r\nPassword incorrect.\r\n"); + D_processinputdata = 0; /* otherwise freed by FreeDis */ + FreeDisplay(); + Msg(0, "Illegal reattach attempt from terminal %s.", pwdata->m.m_tty); +-- +cgit v0.9.0.2 + -- cgit v1.2.3