authorSam Hartman <hartmans@debian.org>2009-07-24 12:27:12 -0400
committerSteve Langasek <vorlon@debian.org>2019-01-08 19:41:59 -0800
commit4de9dd39a6728211e0b3d931e407dc1782ff6090 (patch)
treed3df4f2fdd47f9fabf15b861a71f00425c2e8408 /debian/patches-applied
parent535cd44225f00c8092854e986692f742fef284f7 (diff)
cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem
(CVE-2009-0887) (Closes: #520115)
Diffstat (limited to 'debian/patches-applied')
-rw-r--r--debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch32
-rw-r--r--debian/patches-applied/pam_mail-fix-quiet4
-rw-r--r--debian/patches-applied/series1
3 files changed, 35 insertions, 2 deletions
diff --git a/debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch b/debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch
new file mode 100644
index 00000000..e44bc91a
--- /dev/null
+++ b/debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch
@@ -0,0 +1,32 @@
+Patch for cve-2009-0887
+int rather than unsigned char is used to index an array.
+
+upstream status: fixed upstream
+
+Index: sid/libpam/pam_misc.c
+===================================================================
+--- sid.orig/libpam/pam_misc.c 2009-07-24 12:22:34.000000000 -0400
++++ sid/libpam/pam_misc.c 2009-07-24 12:22:45.000000000 -0400
+@@ -59,10 +59,11 @@
+
+ /* initialize table */
+ for (i=1; i<256; table[i++] = '\0');
+- for (i=0; format[i] ; table[(int)format[i++]] = 'y');
++ for (i=0; format[i] ;
++ table[(unsigned char)format[i++]] = 'y');
+
+ /* look for first non-format char */
+- while (*from && table[(int)*from]) {
++ while (*from && table[(unsigned char)*from]) {
+ ++from;
+ }
+
+@@ -92,7 +93,7 @@
+ remains */
+ } else if (*from) {
+ /* simply look for next blank char */
+- for (end=from; *end && !table[(int)*end]; ++end);
++ for (end=from; *end && !table[(unsigned char)*end]; ++end);
+ } else {
+ return (*next = NULL); /* no tokens left */
+ }
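Review bot: The patch header ("int rather than unsigned char is used to index an array") names the defect so tersely that it can be read as the fix, and none of the three rewritten `table[...]` lines carries a comment saying why the cast matters. I would reword the header to something like `Index table[] with (unsigned char) instead of (int): where plain char is signed, a byte >= 0x80 in format or from became a negative index.` and add above the first loop `/* cast to unsigned char: a signed char >= 0x80 would index before table[] */`, so a later cleanup does not remove the casts as redundant. The header could also carry the bug reference the commit message gives (Closes: #520115), since the patch file travels separately from the commit. The enclosing function begins before line 59 and ends after the second embedded hunk, so any other use of `table[]` in the lines not shown cannot be checked from this page.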
diff --git a/debian/patches-applied/pam_mail-fix-quiet b/debian/patches-applied/pam_mail-fix-quiet
index 7673effa..b85637ca 100644
--- a/debian/patches-applied/pam_mail-fix-quiet
+++ b/debian/patches-applied/pam_mail-fix-quiet
@@ -5,8 +5,8 @@ Upstream status: applied in upstream CVS September 2008
Index: sid/modules/pam_mail/pam_mail.c
===================================================================
---- sid.orig/modules/pam_mail/pam_mail.c 2009-05-30 17:02:33.000000000 -0400
-+++ sid/modules/pam_mail/pam_mail.c 2009-05-30 17:20:28.000000000 -0400
+--- sid.orig/modules/pam_mail/pam_mail.c 2009-07-21 04:31:54.000000000 -0400
++++ sid/modules/pam_mail/pam_mail.c 2009-07-24 12:16:47.000000000 -0400
@@ -303,8 +303,13 @@
{
int retval;
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index 3e763c96..f9ba7482 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -26,3 +26,4 @@ pam_1.0.4_mindays
update-motd
pam_mail-fix-quiet
+cve-2009-0887-libpam-pam_misc.patch