diff options
Diffstat (limited to 'debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch')
-rw-r--r-- | debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch b/debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch new file mode 100644 index 00000000..e44bc91a --- /dev/null +++ b/debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch @@ -0,0 +1,32 @@ +Patch for cve-2009-0887 +int rather than unsigned char is used to index an array. + +upstream status: fixed upstream + +Index: sid/libpam/pam_misc.c +=================================================================== +--- sid.orig/libpam/pam_misc.c 2009-07-24 12:22:34.000000000 -0400 ++++ sid/libpam/pam_misc.c 2009-07-24 12:22:45.000000000 -0400 +@@ -59,10 +59,11 @@ + + /* initialize table */ + for (i=1; i<256; table[i++] = '\0'); +- for (i=0; format[i] ; table[(int)format[i++]] = 'y'); ++ for (i=0; format[i] ; ++ table[(unsigned char)format[i++]] = 'y'); + + /* look for first non-format char */ +- while (*from && table[(int)*from]) { ++ while (*from && table[(unsigned char)*from]) { + ++from; + } + +@@ -92,7 +93,7 @@ + remains */ + } else if (*from) { + /* simply look for next blank char */ +- for (end=from; *end && !table[(int)*end]; ++end); ++ for (end=from; *end && !table[(unsigned char)*end]; ++end); + } else { + return (*next = NULL); /* no tokens left */ + } |