diff options
author | Robby Workman <rworkman@slackbuilds.org> | 2014-01-31 11:53:47 -0600 |
---|---|---|
committer | Robby Workman <rworkman@slackbuilds.org> | 2014-01-31 11:53:47 -0600 |
commit | ac47d224ac0ac8b84a58c723ec4a12391971e223 (patch) | |
tree | 43a7e7a4605b6beb5be78263cc866782d8b770f1 | |
parent | c0538d8c0870848d589fb99f12e29dc50be2937e (diff) |
system/gdm: Update glibc crypt patch to fix segfaults
Thanks to Andrzej Telszewski for the report and thanks
to mancha for his quick response with the fix.
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
-rw-r--r-- | system/gdm/gdm.SlackBuild | 2 | ||||
-rw-r--r-- | system/gdm/patches/gdm-2.20.11-crypt.diff | 34 |
2 files changed, 26 insertions, 10 deletions
diff --git a/system/gdm/gdm.SlackBuild b/system/gdm/gdm.SlackBuild index a262e9f55edf6..6b610e6c00876 100644 --- a/system/gdm/gdm.SlackBuild +++ b/system/gdm/gdm.SlackBuild @@ -11,7 +11,7 @@ PRGNAM=gdm VERSION=${VERSION:-2.20.11} -BUILD=${BUILD:-5} +BUILD=${BUILD:-6} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then diff --git a/system/gdm/patches/gdm-2.20.11-crypt.diff b/system/gdm/patches/gdm-2.20.11-crypt.diff index d72bd80c46e5a..57860d39e6902 100644 --- a/system/gdm/patches/gdm-2.20.11-crypt.diff +++ b/system/gdm/patches/gdm-2.20.11-crypt.diff @@ -1,11 +1,27 @@ -Correctly handle crypt() NULL returns when built against glibc 2.17+ +From cb04d3cb6b3899b5386f940a385d08c66dcd0da1 Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Fri, 31 Jan 2014 +Subject: Handle new crypt() behavior in glibc 2.17+ -Author: mancha +Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL +(w/ NULL return) if the salt violates specifications. Additionally, +on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords +passed to crypt() fail with EPERM (w/ NULL return). -======= +If using glibc's crypt(), check return value to avoid a possible +NULL pointer dereference. ---- gdm-2.20.11/daemon/verify-crypt.c.orig 2013-06-23 -+++ gdm-2.20.11/daemon/verify-crypt.c 2013-06-23 +Note: gdm 2.20.11 is the last version that support non-PAM + authentication which is why it is the latest stable + maintained for Slackware Linux via slackbuilds.org. + +--- + daemon/verify-crypt.c | 13 ++++++++++--- + daemon/verify-shadow.c | 13 ++++++++++--- + 2 files changed, 20 insertions(+), 6 deletions(-) + +--- a/daemon/verify-crypt.c ++++ b/daemon/verify-crypt.c @@ -104,7 +104,7 @@ gdm_verify_user (GdmDisplay *d, const char *username, gboolean allow_retry) @@ -21,7 +37,7 @@ Author: mancha /* Check whether password is valid */ - if (ppasswd == NULL || (ppasswd[0] != '\0' && - strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) { -+ cpasswd = ppasswd ? crypt (passwd, ppasswd) : NULL; ++ cpasswd = ppasswd ? g_strdup(crypt (passwd, ppasswd)) : NULL; + if (ppasswd == NULL || cpasswd == NULL || + (ppasswd[0] != '\0' && + strcmp (cpasswd, ppasswd) != 0)) { @@ -68,8 +84,8 @@ Author: mancha if ( ! gdm_slave_check_user_wants_to_log_in (login)) { g_free (login); ---- gdm-2.20.11/daemon/verify-shadow.c.orig 2013-06-23 -+++ gdm-2.20.11/daemon/verify-shadow.c 2013-06-23 +--- a/daemon/verify-shadow.c ++++ b/daemon/verify-shadow.c @@ -105,7 +105,7 @@ gdm_verify_user (GdmDisplay *d, const char *username, gboolean allow_retry) @@ -85,7 +101,7 @@ Author: mancha /* Check whether password is valid */ - if (ppasswd == NULL || (ppasswd[0] != '\0' && - strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) { -+ cpasswd = ppasswd ? crypt (passwd, ppasswd) : NULL; ++ cpasswd = ppasswd ? g_strdup(crypt (passwd, ppasswd)) : NULL; + if (ppasswd == NULL || cpasswd == NULL || + (ppasswd[0] != '\0' && + strcmp (cpasswd, ppasswd) != 0)) { |