1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
Description: abort when encountering an overflowed environment variable
expansion (CVE-2011-3149).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
Author: Kees Cook <kees@debian.org>
Index: pam-debian/modules/pam_env/pam_env.c
===================================================================
--- pam-debian.orig/modules/pam_env/pam_env.c 2011-10-14 12:47:23.433861595 -0700
+++ pam-debian/modules/pam_env/pam_env.c 2011-10-14 12:47:23.461861963 -0700
@@ -567,6 +567,7 @@
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>",
tmp, tmpptr);
+ return PAM_ABORT;
}
continue;
}
@@ -628,6 +629,7 @@
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
pam_syslog (pamh, LOG_ERR,
"Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ return PAM_ABORT;
}
}
} /* if ('{' != *orig++) */
@@ -639,6 +641,7 @@
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
pam_syslog(pamh, LOG_ERR,
"Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ return PAM_ABORT;
}
}
} /* for (;*orig;) */
|