From 984b113a7d1f757d7695b544497cb7ad36400816 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Thu, 27 Oct 2011 17:49:16 -0700 Subject: * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow in environment file parsing (CVE-2011-3148). * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment file parsing (CVE-2011-3149). --- debian/patches-applied/pam_env-fix-dos.patch | 33 ++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 debian/patches-applied/pam_env-fix-dos.patch (limited to 'debian/patches-applied/pam_env-fix-dos.patch') diff --git a/debian/patches-applied/pam_env-fix-dos.patch b/debian/patches-applied/pam_env-fix-dos.patch new file mode 100644 index 00000000..523e1390 --- /dev/null +++ b/debian/patches-applied/pam_env-fix-dos.patch @@ -0,0 +1,33 @@ +Description: abort when encountering an overflowed environment variable + expansion (CVE-2011-3149). +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565 +Author: Kees Cook + +Index: pam-debian/modules/pam_env/pam_env.c +=================================================================== +--- pam-debian.orig/modules/pam_env/pam_env.c 2011-10-14 12:47:23.433861595 -0700 ++++ pam-debian/modules/pam_env/pam_env.c 2011-10-14 12:47:23.461861963 -0700 +@@ -567,6 +567,7 @@ + D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); + pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", + tmp, tmpptr); ++ return PAM_ABORT; + } + continue; + } +@@ -628,6 +629,7 @@ + D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); + pam_syslog (pamh, LOG_ERR, + "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); ++ return PAM_ABORT; + } + } + } /* if ('{' != *orig++) */ +@@ -639,6 +641,7 @@ + D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); + pam_syslog(pamh, LOG_ERR, + "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); ++ return PAM_ABORT; + } + } + } /* for (;*orig;) */ -- cgit v1.2.3