emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Fix chpasswd and chgpasswd stack overflow. Based on Fedora's shadow-4.0.18.1-overflow.patch.

Browse Source
This commit is contained in:
nekral-guest 2007-11-10 18:48:23 +00:00
parent 6a051e1544
commit 1bdb92706e
4 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -1,6 +1,12 @@
2007-11-10 Nicolas François <nicolas.francois@centraliens.net> 2007-11-10 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/useradd.c: allow non numerical group identifier to be * NEWS, src/chgpasswd.c, src/chpasswd.c: Fix chpasswd and
chgpasswd stack overflow. Based on Fedora's
shadow-4.0.18.1-overflow.patch.
2007-11-10 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/useradd.c: Allow non numerical group identifier to be
specified with useradd's -g option. Applied Debian patch specified with useradd's -g option. Applied Debian patch
397_non_numerical_identifier. Thanks also to Greg Schafer 397_non_numerical_identifier. Thanks also to Greg Schafer
<gschafer@zip.com.au>. <gschafer@zip.com.au>.

2
NEWS
View File

@ -6,6 +6,8 @@ shadow-4.0.18.1 -> shadow-4.0.18.2 UNRELEASED
- useradd: Allow non numerical group identifier to be specified with - useradd: Allow non numerical group identifier to be specified with
useradd's -g option. Applied Debian patch 397_non_numerical_identifier. useradd's -g option. Applied Debian patch 397_non_numerical_identifier.
Thanks also to Greg Schafer <gschafer@zip.com.au>. Thanks also to Greg Schafer <gschafer@zip.com.au>.
- chgpasswd, chpasswd: Fix chpasswd and chgpasswd stack overflow. Based on
Fedora's shadow-4.0.18.1-overflow.patch.
shadow-4.0.18.1 -> shadow-4.0.18.2 28-10-2007 shadow-4.0.18.1 -> shadow-4.0.18.2 28-10-2007

8
src/chgpasswd.c
View File

@ -243,9 +243,13 @@ int main (int argc, char **argv)
newpwd = cp; newpwd = cp;
if (!eflg) { if (!eflg) {
if (md5flg) { if (md5flg) {
char salt[12] = "$1$"; char tmp[12];
char salt[15] = "";
strcat (salt, crypt_make_salt ()); strcat (tmp, crypt_make_salt ());
if (!strncmp (tmp, "$1$", 3))
strcat (salt, "$1$");
strcat (salt, tmp);
cp = pw_encrypt (newpwd, salt); cp = pw_encrypt (newpwd, salt);
} else } else
cp = pw_encrypt (newpwd, crypt_make_salt ()); cp = pw_encrypt (newpwd, crypt_make_salt ());

8
src/chpasswd.c
View File

@ -239,9 +239,13 @@ int main (int argc, char **argv)
newpwd = cp; newpwd = cp;
if (!eflg) { if (!eflg) {
if (md5flg) { if (md5flg) {
char salt[12] = "$1$"; char tmp[12];
char salt[15] = "";
strcat (salt, crypt_make_salt ()); strcat (tmp, crypt_make_salt ());
if (!strncmp (tmp, "$1$", 3))
strcat (salt, "$1$");
strcat (salt, tmp);
cp = pw_encrypt (newpwd, salt); cp = pw_encrypt (newpwd, salt);
} else } else
cp = pw_encrypt (newpwd, crypt_make_salt ()); cp = pw_encrypt (newpwd, crypt_make_salt ());