summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorKees Cook <kees@debian.org>2011-10-27 17:49:16 -0700
committerSteve Langasek <vorlon@debian.org>2019-01-08 22:11:47 -0800
commit984b113a7d1f757d7695b544497cb7ad36400816 (patch)
tree5769ee10d173dcf5e1326c7d7c5d406aaa0eefb1 /debian
parentbb19334f8624b2e67fc3fd641fde3809b94f56df (diff)
* debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow
in environment file parsing (CVE-2011-3148). * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment file parsing (CVE-2011-3149).
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog4
-rw-r--r--debian/patches-applied/pam_env-fix-dos.patch33
-rw-r--r--debian/patches-applied/pam_env-fix-overflow.patch29
-rw-r--r--debian/patches-applied/series2
4 files changed, 68 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 47a4ff4c..2ce66045 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,10 @@ pam (1.1.3-5) UNRELEASED; urgency=low
* debian/patches-applied/hurd_no_setfsuid: check all set*id() calls.
* debian/patches-applied/update-motd: correctly clear environment when
building motd.
+ * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow
+ in environment file parsing (CVE-2011-3148).
+ * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment
+ file parsing (CVE-2011-3149).
-- Kees Cook <kees@debian.org> Thu, 13 Oct 2011 12:31:03 -0700
diff --git a/debian/patches-applied/pam_env-fix-dos.patch b/debian/patches-applied/pam_env-fix-dos.patch
new file mode 100644
index 00000000..523e1390
--- /dev/null
+++ b/debian/patches-applied/pam_env-fix-dos.patch
@@ -0,0 +1,33 @@
+Description: abort when encountering an overflowed environment variable
+ expansion (CVE-2011-3149).
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
+Author: Kees Cook <kees@debian.org>
+
+Index: pam-debian/modules/pam_env/pam_env.c
+===================================================================
+--- pam-debian.orig/modules/pam_env/pam_env.c 2011-10-14 12:47:23.433861595 -0700
++++ pam-debian/modules/pam_env/pam_env.c 2011-10-14 12:47:23.461861963 -0700
+@@ -567,6 +567,7 @@
+ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
+ pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>",
+ tmp, tmpptr);
++ return PAM_ABORT;
+ }
+ continue;
+ }
+@@ -628,6 +629,7 @@
+ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
+ pam_syslog (pamh, LOG_ERR,
+ "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
++ return PAM_ABORT;
+ }
+ }
+ } /* if ('{' != *orig++) */
+@@ -639,6 +641,7 @@
+ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
+ pam_syslog(pamh, LOG_ERR,
+ "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
++ return PAM_ABORT;
+ }
+ }
+ } /* for (;*orig;) */
diff --git a/debian/patches-applied/pam_env-fix-overflow.patch b/debian/patches-applied/pam_env-fix-overflow.patch
new file mode 100644
index 00000000..7797359a
--- /dev/null
+++ b/debian/patches-applied/pam_env-fix-overflow.patch
@@ -0,0 +1,29 @@
+Description: correctly count leading whitespace when parsing environment
+ file (CVE-2011-3148).
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
+Author: Kees Cook <kees@debian.org>
+
+Index: pam-debian/modules/pam_env/pam_env.c
+===================================================================
+--- pam-debian.orig/modules/pam_env/pam_env.c 2011-10-14 10:51:30.973701139 -0700
++++ pam-debian/modules/pam_env/pam_env.c 2011-10-14 12:32:25.578188004 -0700
+@@ -287,6 +287,7 @@
+ char *p = buffer;
+ char *s, *os;
+ int used = 0;
++ int whitespace;
+
+ /* loop broken with a 'break' when a non-'\\n' ended line is read */
+
+@@ -309,8 +310,10 @@
+
+ /* skip leading spaces --- line may be blank */
+
+- s = p + strspn(p, " \n\t");
++ whitespace = strspn(p, " \n\t");
++ s = p + whitespace;
+ if (*s && (*s != '#')) {
++ used += whitespace;
+ os = s;
+
+ /*
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index fc0ee341..9006ae52 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -22,3 +22,5 @@ fix-man-crud
sys-types-include.patch
no_PATH_MAX_on_hurd
lib_security_multiarch_compat
+pam_env-fix-overflow.patch
+pam_env-fix-dos.patch