Dont allow a path in pam_service. CVE-2011-4122

markd 2011-11-19 21:12:05 +00:00
parent 191850025a
commit e13bfe826a
3 changed files with 19 additions and 3 deletions


@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.30 2011/11/01 06:03:01 sbd Exp $
# $NetBSD: Makefile,v 1.31 2011/11/19 21:12:05 markd Exp $
DISTNAME= kdebase-workspace-${_KDE_VERSION}
PKGREVISION= 3
PKGREVISION= 4
CATEGORIES= x11
COMMENT= base workspace for the KDE 4 integrated X11 desktop


@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.17 2011/01/23 07:55:16 markd Exp $
$NetBSD: distinfo,v 1.18 2011/11/19 21:12:05 markd Exp $
SHA1 (Daemon.README) = eb1e6af52adc02ded77af17e8953134b7e60d23b
RMD160 (Daemon.README) = 39edd92ed4314397080f32a8caff0ac3f716ecf4
@ -30,3 +30,4 @@ SHA1 (patch-cb) = 8bfcc8b7e91eafd6b444f4103d3860fb6434a535
SHA1 (patch-cc) = f0c92eb5edc2690008d028652820cad77bf50b07
SHA1 (patch-cd) = c9e7b32b39b8191f5f54a799bdfa7009136429f9
SHA1 (patch-ce) = b02c04dae0005bec33a13ecf09254d35a0e4cd0b
SHA1 (patch-kcheckpass_checkpass_pam.c) = 7c897fe7fa078a7027a08de5de5ad4c17369f0df


@ -0,0 +1,15 @@
$NetBSD: patch-kcheckpass_checkpass_pam.c,v 1.1 2011/11/19 21:12:05 markd Exp $
Don't all pam_service to be a path.
--- kcheckpass/checkpass_pam.c.orig 2009-10-06 21:37:13.000000000 +0000
+++ kcheckpass/checkpass_pam.c
@@ -147,6 +147,8 @@ AuthReturn Authenticate(const char *call
/* PAM_data.classic = 1; */
pam_service = caller;
}
+ if (strchr(pam_service, '/')) /* service shouldn't be a path */
+ return AuthError;
pam_error = pam_start(pam_service, user, &PAM_conversation, &pamh);
if (pam_error != PAM_SUCCESS)
return AuthError;
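Review bot: The new guard before `pam_start()` rejects only a `/` in `pam_service` and fails silently, so a refused attempt leaves no trace for anyone monitoring this helper. The name is taken from `caller` in the visible branch, and presumably from other caller-supplied input in the branch that begins above the hunk, so an allowlist of the characters a service name may contain would be sturdier than naming one bad character, and it would also cover an empty name. I would log the refusal with a fixed message before returning, e.g. `syslog(LOG_WARNING, "rejected PAM service name");`, assuming the file already uses syslog, which is not visible here. The patch's description line reads "Don't all pam_service to be a path" and should say "allow". Authenticate's body starts and ends outside the hunk.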