diff options
Diffstat (limited to 'system/gdm/patches/gdm-2.20.11-crypt.diff')
-rw-r--r-- | system/gdm/patches/gdm-2.20.11-crypt.diff | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/system/gdm/patches/gdm-2.20.11-crypt.diff b/system/gdm/patches/gdm-2.20.11-crypt.diff index d72bd80c46..57860d39e6 100644 --- a/system/gdm/patches/gdm-2.20.11-crypt.diff +++ b/system/gdm/patches/gdm-2.20.11-crypt.diff @@ -1,11 +1,27 @@ -Correctly handle crypt() NULL returns when built against glibc 2.17+ +From cb04d3cb6b3899b5386f940a385d08c66dcd0da1 Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Fri, 31 Jan 2014 +Subject: Handle new crypt() behavior in glibc 2.17+ -Author: mancha +Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL +(w/ NULL return) if the salt violates specifications. Additionally, +on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords +passed to crypt() fail with EPERM (w/ NULL return). -======= +If using glibc's crypt(), check return value to avoid a possible +NULL pointer dereference. ---- gdm-2.20.11/daemon/verify-crypt.c.orig 2013-06-23 -+++ gdm-2.20.11/daemon/verify-crypt.c 2013-06-23 +Note: gdm 2.20.11 is the last version that support non-PAM + authentication which is why it is the latest stable + maintained for Slackware Linux via slackbuilds.org. + +--- + daemon/verify-crypt.c | 13 ++++++++++--- + daemon/verify-shadow.c | 13 ++++++++++--- + 2 files changed, 20 insertions(+), 6 deletions(-) + +--- a/daemon/verify-crypt.c ++++ b/daemon/verify-crypt.c @@ -104,7 +104,7 @@ gdm_verify_user (GdmDisplay *d, const char *username, gboolean allow_retry) @@ -21,7 +37,7 @@ Author: mancha /* Check whether password is valid */ - if (ppasswd == NULL || (ppasswd[0] != '\0' && - strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) { -+ cpasswd = ppasswd ? crypt (passwd, ppasswd) : NULL; ++ cpasswd = ppasswd ? g_strdup(crypt (passwd, ppasswd)) : NULL; + if (ppasswd == NULL || cpasswd == NULL || + (ppasswd[0] != '\0' && + strcmp (cpasswd, ppasswd) != 0)) { @@ -68,8 +84,8 @@ Author: mancha if ( ! gdm_slave_check_user_wants_to_log_in (login)) { g_free (login); ---- gdm-2.20.11/daemon/verify-shadow.c.orig 2013-06-23 -+++ gdm-2.20.11/daemon/verify-shadow.c 2013-06-23 +--- a/daemon/verify-shadow.c ++++ b/daemon/verify-shadow.c @@ -105,7 +105,7 @@ gdm_verify_user (GdmDisplay *d, const char *username, gboolean allow_retry) @@ -85,7 +101,7 @@ Author: mancha /* Check whether password is valid */ - if (ppasswd == NULL || (ppasswd[0] != '\0' && - strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) { -+ cpasswd = ppasswd ? crypt (passwd, ppasswd) : NULL; ++ cpasswd = ppasswd ? g_strdup(crypt (passwd, ppasswd)) : NULL; + if (ppasswd == NULL || cpasswd == NULL || + (ppasswd[0] != '\0' && + strcmp (cpasswd, ppasswd) != 0)) { |