summaryrefslogtreecommitdiff
path: root/debian/patches-applied/pam_env-fix-dos.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches-applied/pam_env-fix-dos.patch')
-rw-r--r--debian/patches-applied/pam_env-fix-dos.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/debian/patches-applied/pam_env-fix-dos.patch b/debian/patches-applied/pam_env-fix-dos.patch
new file mode 100644
index 00000000..523e1390
--- /dev/null
+++ b/debian/patches-applied/pam_env-fix-dos.patch
@@ -0,0 +1,33 @@
+Description: abort when encountering an overflowed environment variable
+ expansion (CVE-2011-3149).
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
+Author: Kees Cook <kees@debian.org>
+
+Index: pam-debian/modules/pam_env/pam_env.c
+===================================================================
+--- pam-debian.orig/modules/pam_env/pam_env.c 2011-10-14 12:47:23.433861595 -0700
++++ pam-debian/modules/pam_env/pam_env.c 2011-10-14 12:47:23.461861963 -0700
+@@ -567,6 +567,7 @@
+ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
+ pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>",
+ tmp, tmpptr);
++ return PAM_ABORT;
+ }
+ continue;
+ }
+@@ -628,6 +629,7 @@
+ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
+ pam_syslog (pamh, LOG_ERR,
+ "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
++ return PAM_ABORT;
+ }
+ }
+ } /* if ('{' != *orig++) */
+@@ -639,6 +641,7 @@
+ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
+ pam_syslog(pamh, LOG_ERR,
+ "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
++ return PAM_ABORT;
+ }
+ }
+ } /* for (;*orig;) */
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-20 00:36:12 +0000