summaryrefslogtreecommitdiff
path: root/debian/patches-applied/cve-2013-7041.patch
diff options
context:
space:
mode:
authorMichael Gilbert <mgilbert@debian.org>2014-08-09 09:50:42 +0000
committerSteve Langasek <vorlon@debian.org>2019-01-08 22:11:53 -0800
commitb0b970d872cb7b9917521eb203798f01c30cac86 (patch)
tree939f001be9f1555705243e4b51052a16182397f4 /debian/patches-applied/cve-2013-7041.patch
parentdfacb4cc31574d2b77c6806f41e009865a34d07c (diff)
Import Debian changes 1.1.8-3.1
pam (1.1.8-3.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix CVE-2013-7041: case-insensitive comparison used for verifying passwords in the pam_userdb module (closes: #731368). * Fix CVE-2014-2583: multiple directory traversal issues in the pam_timestamp module (closes: 757555)
Diffstat (limited to 'debian/patches-applied/cve-2013-7041.patch')
-rw-r--r--debian/patches-applied/cve-2013-7041.patch44
1 files changed, 44 insertions, 0 deletions
diff --git a/debian/patches-applied/cve-2013-7041.patch b/debian/patches-applied/cve-2013-7041.patch
new file mode 100644
index 00000000..dac35b25
--- /dev/null
+++ b/debian/patches-applied/cve-2013-7041.patch
@@ -0,0 +1,44 @@
+From 57a1e2b274d0a6376d92ada9926e5c5741e7da20 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Fri, 24 Jan 2014 22:18:32 +0000
+Subject: pam_userdb: fix password hash comparison
+
+Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed
+passwords support in pam_userdb, hashes are compared case-insensitively.
+This bug leads to accepting hashes for completely different passwords in
+addition to those that should be accepted.
+
+Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for
+modern password hashes with different lengths and settings, did not
+update the hash comparison accordingly, which leads to accepting
+computed hashes longer than stored hashes when the latter is a prefix
+of the former.
+
+* modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed
+hash whose length differs from the stored hash length.
+Compare computed and stored hashes case-sensitively.
+Fixes CVE-2013-7041.
+
+Bug-Debian: http://bugs.debian.org/731368
+
+--- a/modules/pam_userdb/pam_userdb.c
++++ b/modules/pam_userdb/pam_userdb.c
+@@ -222,12 +222,15 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
+ } else {
+ cryptpw = crypt (pass, data.dptr);
+
+- if (cryptpw) {
+- compare = strncasecmp (data.dptr, cryptpw, data.dsize);
++ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
++ compare = memcmp(data.dptr, cryptpw, data.dsize);
+ } else {
+ compare = -2;
+ if (ctrl & PAM_DEBUG_ARG) {
+- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
++ if (cryptpw)
++ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
++ else
++ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
+ }
+ };
+