summaryrefslogtreecommitdiff
path: root/system/gdm/patches/gdm-2.20.11-crypt.diff
diff options
context:
space:
mode:
Diffstat (limited to 'system/gdm/patches/gdm-2.20.11-crypt.diff')
-rw-r--r--system/gdm/patches/gdm-2.20.11-crypt.diff34
1 files changed, 25 insertions, 9 deletions
diff --git a/system/gdm/patches/gdm-2.20.11-crypt.diff b/system/gdm/patches/gdm-2.20.11-crypt.diff
index d72bd80c46..57860d39e6 100644
--- a/system/gdm/patches/gdm-2.20.11-crypt.diff
+++ b/system/gdm/patches/gdm-2.20.11-crypt.diff
@@ -1,11 +1,27 @@
-Correctly handle crypt() NULL returns when built against glibc 2.17+
+From cb04d3cb6b3899b5386f940a385d08c66dcd0da1 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Fri, 31 Jan 2014
+Subject: Handle new crypt() behavior in glibc 2.17+
-Author: mancha
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
-=======
+If using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
---- gdm-2.20.11/daemon/verify-crypt.c.orig 2013-06-23
-+++ gdm-2.20.11/daemon/verify-crypt.c 2013-06-23
+Note: gdm 2.20.11 is the last version that support non-PAM
+ authentication which is why it is the latest stable
+ maintained for Slackware Linux via slackbuilds.org.
+
+---
+ daemon/verify-crypt.c | 13 ++++++++++---
+ daemon/verify-shadow.c | 13 ++++++++++---
+ 2 files changed, 20 insertions(+), 6 deletions(-)
+
+--- a/daemon/verify-crypt.c
++++ b/daemon/verify-crypt.c
@@ -104,7 +104,7 @@ gdm_verify_user (GdmDisplay *d,
const char *username,
gboolean allow_retry)
@@ -21,7 +37,7 @@ Author: mancha
/* Check whether password is valid */
- if (ppasswd == NULL || (ppasswd[0] != '\0' &&
- strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) {
-+ cpasswd = ppasswd ? crypt (passwd, ppasswd) : NULL;
++ cpasswd = ppasswd ? g_strdup(crypt (passwd, ppasswd)) : NULL;
+ if (ppasswd == NULL || cpasswd == NULL ||
+ (ppasswd[0] != '\0' &&
+ strcmp (cpasswd, ppasswd) != 0)) {
@@ -68,8 +84,8 @@ Author: mancha
if ( ! gdm_slave_check_user_wants_to_log_in (login)) {
g_free (login);
---- gdm-2.20.11/daemon/verify-shadow.c.orig 2013-06-23
-+++ gdm-2.20.11/daemon/verify-shadow.c 2013-06-23
+--- a/daemon/verify-shadow.c
++++ b/daemon/verify-shadow.c
@@ -105,7 +105,7 @@ gdm_verify_user (GdmDisplay *d,
const char *username,
gboolean allow_retry)
@@ -85,7 +101,7 @@ Author: mancha
/* Check whether password is valid */
- if (ppasswd == NULL || (ppasswd[0] != '\0' &&
- strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) {
-+ cpasswd = ppasswd ? crypt (passwd, ppasswd) : NULL;
++ cpasswd = ppasswd ? g_strdup(crypt (passwd, ppasswd)) : NULL;
+ if (ppasswd == NULL || cpasswd == NULL ||
+ (ppasswd[0] != '\0' &&
+ strcmp (cpasswd, ppasswd) != 0)) {