/[packages]/cauldron/pam/current/SOURCES/pam-1.1.8-cve-2013-7041.patch
ViewVC logotype

Contents of /cauldron/pam/current/SOURCES/pam-1.1.8-cve-2013-7041.patch

Parent Directory Parent Directory | Revision Log Revision Log

Revision 650771 - (show annotations) (download)
Tue Jul 8 19:34:02 2014 UTC (9 years, 9 months ago) by luigiwalser
File size: 1977 byte(s) 
- add patches from fedora to fix CVE-2013-7041 and CVE-2014-2583
- update pam-redhat tarball to 0.99.11 (from fedora)
- rename 90-nproc.conf to 20-nproc.conf (from fedora)
- remove patches 7 and 11 (from fedora)
1 From 57a1e2b274d0a6376d92ada9926e5c5741e7da20 Mon Sep 17 00:00:00 2001
2 From: "Dmitry V. Levin" <ldv@altlinux.org>
3 Date: Fri, 24 Jan 2014 22:18:32 +0000
4 Subject: [PATCH] pam_userdb: fix password hash comparison
5
6 Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed
7 passwords support in pam_userdb, hashes are compared case-insensitively.
8 This bug leads to accepting hashes for completely different passwords in
9 addition to those that should be accepted.
10
11 Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for
12 modern password hashes with different lengths and settings, did not
13 update the hash comparison accordingly, which leads to accepting
14 computed hashes longer than stored hashes when the latter is a prefix
15 of the former.
16
17 * modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed
18 hash whose length differs from the stored hash length.
19 Compare computed and stored hashes case-sensitively.
20 Fixes CVE-2013-7041.
21
22 Bug-Debian: http://bugs.debian.org/731368
23 ---
24 modules/pam_userdb/pam_userdb.c | 9 ++++++---
25 1 file changed, 6 insertions(+), 3 deletions(-)
26
27 diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
28 index de8b5b1..ff040e6 100644
29 --- a/modules/pam_userdb/pam_userdb.c
30 +++ b/modules/pam_userdb/pam_userdb.c
31 @@ -222,12 +222,15 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
32 } else {
33 cryptpw = crypt (pass, data.dptr);
34
35 - if (cryptpw) {
36 - compare = strncasecmp (data.dptr, cryptpw, data.dsize);
37 + if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
38 + compare = memcmp(data.dptr, cryptpw, data.dsize);
39 } else {
40 compare = -2;
41 if (ctrl & PAM_DEBUG_ARG) {
42 - pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
43 + if (cryptpw)
44 + pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
45 + else
46 + pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
47 }
48 };
49
50 --
51 1.8.3.1
52
  ViewVC Help
Powered by ViewVC 1.1.30