summaryrefslogtreecommitdiff
path: root/debian/patches-applied/pam_env-fix-overflow.patch
diff options
context:
space:
mode:
authorKees Cook <kees@debian.org>2011-10-27 17:49:16 -0700
committerSteve Langasek <vorlon@debian.org>2019-01-08 22:11:47 -0800
commit984b113a7d1f757d7695b544497cb7ad36400816 (patch)
tree5769ee10d173dcf5e1326c7d7c5d406aaa0eefb1 /debian/patches-applied/pam_env-fix-overflow.patch
parentbb19334f8624b2e67fc3fd641fde3809b94f56df (diff)
* debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow
in environment file parsing (CVE-2011-3148). * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment file parsing (CVE-2011-3149).
Diffstat (limited to 'debian/patches-applied/pam_env-fix-overflow.patch')
-rw-r--r--debian/patches-applied/pam_env-fix-overflow.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/debian/patches-applied/pam_env-fix-overflow.patch b/debian/patches-applied/pam_env-fix-overflow.patch
new file mode 100644
index 00000000..7797359a
--- /dev/null
+++ b/debian/patches-applied/pam_env-fix-overflow.patch
@@ -0,0 +1,29 @@
+Description: correctly count leading whitespace when parsing environment
+ file (CVE-2011-3148).
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
+Author: Kees Cook <kees@debian.org>
+
+Index: pam-debian/modules/pam_env/pam_env.c
+===================================================================
+--- pam-debian.orig/modules/pam_env/pam_env.c 2011-10-14 10:51:30.973701139 -0700
++++ pam-debian/modules/pam_env/pam_env.c 2011-10-14 12:32:25.578188004 -0700
+@@ -287,6 +287,7 @@
+ char *p = buffer;
+ char *s, *os;
+ int used = 0;
++ int whitespace;
+
+ /* loop broken with a 'break' when a non-'\\n' ended line is read */
+
+@@ -309,8 +310,10 @@
+
+ /* skip leading spaces --- line may be blank */
+
+- s = p + strspn(p, " \n\t");
++ whitespace = strspn(p, " \n\t");
++ s = p + whitespace;
+ if (*s && (*s != '#')) {
++ used += whitespace;
+ os = s;
+
+ /*