[oe-commits] Ross Burton : sudo: handle glibc 2.17 crypt semantics

git at git.openembedded.org git at git.openembedded.org
Thu Apr 11 15:11:58 UTC 2013


Module: openembedded-core.git
Branch: dylan
Commit: 06d7078f7631b92e8b789f8e94a3a346d8181ce6
URL:    http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=06d7078f7631b92e8b789f8e94a3a346d8181ce6

Author: Ross Burton <ross.burton at intel.com>
Date:   Thu Apr 11 15:57:58 2013 +0100

sudo: handle glibc 2.17 crypt semantics

Starting from glibc 2.17 the crypt() function will error out and return NULL if
the seed or "correct" is invalid. The failure case for this is the sudo user
having a locked account in /etc/shadow, so their password is "!", which is an
invalid hash.  crypt() never returned NULL previously so this is crashing in
strcmp().

[ YOCTO #4241 ]

Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

---

 meta/recipes-extended/sudo/files/crypt.patch |   24 ++++++++++++++++++++++++
 meta/recipes-extended/sudo/sudo_1.8.6p7.bb   |    1 +
 2 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/meta/recipes-extended/sudo/files/crypt.patch b/meta/recipes-extended/sudo/files/crypt.patch
new file mode 100644
index 0000000..53a257f
--- /dev/null
+++ b/meta/recipes-extended/sudo/files/crypt.patch
@@ -0,0 +1,24 @@
+Staring from glibc 2.17 the crypt() function will error out and return NULL if
+the seed or "correct" is invalid. The failure case for this is the sudo user
+having a locked account in /etc/shadow, so their password is "!", which is an
+invalid hash.  crypt() never returned NULL previously so this is crashing in
+strcmp().
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton at intel.com>
+
+Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c
+===================================================================
+--- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c	2013-04-11 15:26:28.456416867 +0100
++++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c	2013-04-11 15:31:31.156421718 +0100
+@@ -96,7 +96,9 @@
+      */
+     epass = (char *) crypt(pass, pw_epasswd);
+     pass[8] = sav;
+-    if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
++    if (epass == NULL)
++	error = AUTH_FAILURE;
++    else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+ 	error = strncmp(pw_epasswd, epass, DESLEN);
+     else
+ 	error = strcmp(pw_epasswd, epass);
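Review bot: the new `if (epass == NULL)` branch stores `AUTH_FAILURE` in `error`, while the two branches after it store a raw `strcmp()`/`strncmp()` result in the same variable, so the fix is only correct if `AUTH_FAILURE` is nonzero and the code after this hunk treats any nonzero `error` as a mismatch. Neither is visible in the hunk. Please confirm it against the rest of the function, or return the failure directly from the NULL branch so the two meanings of `error` are not mixed. A short comment on the NULL check saying that glibc 2.17 and later return NULL for an invalid salt such as a locked account's "!" would help the next reader. In the patch description, "Staring" should be "Starting", and `the seed or "correct"` is hard to parse and presumably means the salt. Since the header says `Upstream-Status: Pending`, a pointer to the upstream submission would be useful once there is one.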
diff --git a/meta/recipes-extended/sudo/sudo_1.8.6p7.bb b/meta/recipes-extended/sudo/sudo_1.8.6p7.bb
index b79d0d5..7198fd3 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.6p7.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.6p7.bb
@@ -4,6 +4,7 @@ PR = "r0"
 
 SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
            file://libtool.patch \
+           file://crypt.patch \
            ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
 
 PAM_SRC_URI = "file://sudo.pam"
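Review bot: the hunk header shows `PR = "r0"` and the recipe adds `file://crypt.patch` to `SRC_URI` without touching it, so the package revision does not reflect a change that alters the built sudo binary. If this branch does not rely on automatic revisioning, consider bumping `PR` so existing builds and package feeds pick up the crash fix.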
