Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

10 years ago · 0a232ca6c6
--- a/libs/libpam/Makefile
+++ b/libs/libpam/Makefile
@@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk
 
				 
			
 
				 PKG_NAME:=libpam
			
 
				 PKG_VERSION:=1.1.8
			
 
				-PKG_RELEASE:=3
			
 
				+PKG_RELEASE:=4
			
 
				 
			
 
				 PKG_SOURCE:=Linux-PAM-$(PKG_VERSION).tar.bz2
			
 
				-PKG_SOURCE_URL:=http://www.linux-pam.org/library/
			
 
				+PKG_SOURCE_URL:=http://www.linux-pam.org/
			
 
				 PKG_MD5SUM:=35b6091af95981b1b2cd60d813b5e4ee
			
 
				 PKG_INSTALL:=1
			
 
				 PKG_FIXUP:=autoreconf
			
--- a/libs/libpam/patches/007-cve-2014-2583.patch
+++ b/libs/libpam/patches/007-cve-2014-2583.patch
@@ -0,0 +1,52 @@
 
				+From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001
			
 
				+From: "Dmitry V. Levin" <ldv@altlinux.org>
			
 
				+Date: Wed, 26 Mar 2014 22:17:23 +0000
			
 
				+Subject: pam_timestamp: fix potential directory traversal issue (ticket #27)
			
 
				+
			
 
				+pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of
			
 
				+the timestamp pathname it creates, so extra care should be taken to
			
 
				+avoid potential directory traversal issues.
			
 
				+
			
 
				+* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat
			
 
				+"." and ".." tty values as invalid.
			
 
				+(get_ruser): Treat "." and ".." ruser values, as well as any ruser
			
 
				+value containing '/', as invalid.
			
 
				+
			
 
				+Fixes CVE-2014-2583.
			
 
				+
			
 
				+Reported-by: Sebastian Krahmer <krahmer@suse.de>
			
 
				+
			
 
				+diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
			
 
				+index 5193733..b3f08b1 100644
			
 
				+--- a/modules/pam_timestamp/pam_timestamp.c
			
 
				++++ b/modules/pam_timestamp/pam_timestamp.c
			
 
				+@@ -158,7 +158,7 @@ check_tty(const char *tty)
			
 
				+ 		tty = strrchr(tty, '/') + 1;
			
 
				+ 	}
			
 
				+ 	/* Make sure the tty wasn't actually a directory (no basename). */
			
 
				+-	if (strlen(tty) == 0) {
			
 
				++	if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
			
 
				+ 		return NULL;
			
 
				+ 	}
			
 
				+ 	return tty;
			
 
				+@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
			
 
				+ 		if (pwd != NULL) {
			
 
				+ 			ruser = pwd->pw_name;
			
 
				+ 		}
			
 
				++	} else {
			
 
				++		/*
			
 
				++		 * This ruser is used by format_timestamp_name as a component
			
 
				++		 * of constructed timestamp pathname, so ".", "..", and '/'
			
 
				++		 * are disallowed to avoid potential path traversal issues.
			
 
				++		 */
			
 
				++		if (!strcmp(ruser, ".") ||
			
 
				++		    !strcmp(ruser, "..") ||
			
 
				++		    strchr(ruser, '/')) {
			
 
				++			ruser = NULL;
			
 
				++		}
			
 
				+ 	}
			
 
				+ 	if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
			
 
				+ 		*ruserbuf = '\0';
			
 
				+-- 
			
 
				+cgit v0.10.2
			
 
				+