authorThorsten Kukuk <kukuk@thkukuk.de>2007-01-23 10:19:32 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2007-01-23 10:19:32 +0000
commit7cbfa335c57d068d59508c844f3957165cccfb9b (patch)
tree0044bf9724c0d4214ec385c258bfb8ee2e492a0c
parent6cd17d661ccddf250640032a8eaa5c79633c2600 (diff)
Relevant BUGIDs:
Purpose of commit: bugfix Commit summary: --------------- 2007-01-23 Thorsten Kukuk <kukuk@suse.de> * release 0.99.7.1 * configure.in: Set version number to 0.99.7.1 2007-01-23 Thorsten Kukuk <kukuk@thukuk.de> Tomas Mraz <t2m@centrum.cz> * modules/pam_unix/support.c (_unix_verify_password): Always compare full encrypted passwords.
-rw-r--r--ChangeLog12
-rw-r--r--NEWS6
-rw-r--r--configure.in2
-rw-r--r--modules/pam_unix/support.c23
4 files changed, 26 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index d48d6e7e..f65e67f8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2007-01-23 Thorsten Kukuk <kukuk@suse.de>
+
+ * release 0.99.7.1
+
+ * configure.in: Set version number to 0.99.7.1
+
+2007-01-23 Thorsten Kukuk <kukuk@thukuk.de>
+ Tomas Mraz <t2m@centrum.cz>
+
+ * modules/pam_unix/support.c (_unix_verify_password): Always
+ compare full encrypted passwords (CVE-2007-0003).
+
2007-01-23 Tomas Mraz <t8m@centrum.cz>
* modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT.
diff --git a/NEWS b/NEWS
index 01c09d44..810660fc 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
Linux-PAM NEWS -- history of user-visible changes.
+Release 0.99.7.1
+
+* Security fix for pam_unix.so (CVE-2007-0003).
+
+
Release 0.99.7.0
* Add manual page for pam_unix.so.
@@ -9,6 +14,7 @@ Release 0.99.7.0
* Cleanup of configure options.
* Update hungarian translation, fix german translation.
+
Release 0.99.6.3
* pam_loginuid: New PAM module.
diff --git a/configure.in b/configure.in
index 3992ef54..0c4c8cb0 100644
--- a/configure.in
+++ b/configure.in
@@ -1,6 +1,6 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT(conf/pam_conv1/pam_conv_y.y)
-AM_INIT_AUTOMAKE("Linux-PAM", 0.99.7.0)
+AM_INIT_AUTOMAKE("Linux-PAM", 0.99.7.1)
AC_PREREQ([2.60])
AM_CONFIG_HEADER(config.h)
AC_CANONICAL_HOST
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 86b3a731..954f2c73 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -693,38 +693,29 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
retval = PAM_AUTH_ERR;
} else {
if (!strncmp(salt, "$1$", 3)) {
- salt_len = 0;
pp = Goodcrypt_md5(p, salt);
if (strcmp(pp, salt) != 0) {
_pam_delete(pp);
pp = Brokencrypt_md5(p, salt);
}
- } else if (*salt == '$') {
+ } else if (*salt != '$' && salt_len >= 13) {
+ pp = bigcrypt(p, salt);
+ if (strlen(pp) > salt_len) {
+ pp[salt_len] = '\0';
+ }
+ } else {
/*
* Ok, we don't know the crypt algorithm, but maybe
* libcrypt nows about it? We should try it.
*/
- salt_len = 0;
pp = x_strdup (crypt(p, salt));
- } else {
- pp = bigcrypt(p, salt);
}
p = NULL; /* no longer needed here */
/* the moment of truth -- do we agree with the password? */
D(("comparing state of pp[%s] and salt[%s]", pp, salt));
- /*
- * Note, we are comparing the bigcrypt of the password with
- * the contents of the password field. If the latter was
- * encrypted with regular crypt (and not bigcrypt) it will
- * have been truncated for storage relative to the output
- * of bigcrypt here. As such we need to compare only the
- * stored string with the subset of bigcrypt's result.
- * Bug 521314: The strncmp comparison is for legacy support.
- */
- if ((!salt_len && strcmp(pp, salt) == 0) ||
- (salt_len && strncmp(pp, salt, salt_len) == 0)) {
+ if (strcmp(pp, salt) == 0) {
retval = PAM_SUCCESS;
} else {
retval = PAM_AUTH_ERR;
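Review bot: The result `pp` of the final `else` branch reaches `strcmp(pp, salt)` without a NULL check, and that branch now takes every stored field that is neither `$1$` nor a non-`$` value with `salt_len >= 13`. crypt(3) is documented to return NULL on failure, so if `x_strdup` passes NULL through (its definition is not in this hunk), a malformed or unsupported password field would crash the module instead of yielding PAM_AUTH_ERR. I would guard the comparison with `if (pp != NULL && strcmp(pp, salt) == 0) {` and confirm that `bigcrypt` cannot return NULL either. Because the old explanatory comment was removed, a short one above `pp[salt_len] = '\0';` would help, e.g. `/* stored hash may come from plain crypt(): cut bigcrypt output to its length, then compare in full */`. `_unix_verify_password` starts and ends outside the hunk.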