diff options
Diffstat (limited to 'backport-Prevent-out-of-boundary-access.patch')
| -rw-r--r-- | backport-Prevent-out-of-boundary-access.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/backport-Prevent-out-of-boundary-access.patch b/backport-Prevent-out-of-boundary-access.patch new file mode 100644 index 0000000..321b616 --- /dev/null +++ b/backport-Prevent-out-of-boundary-access.patch @@ -0,0 +1,56 @@ +From 8e0ad48c21bd7d5506ff44eb4c04f796b80045ce Mon Sep 17 00:00:00 2001 +From: Samanta Navarro <ferivoz@riseup.net> +Date: Mon, 30 Jan 2023 11:54:49 +0000 +Subject: [PATCH] Prevent out of boundary access + +If lines start with '\0' then it is possible to trigger out of +boundary accesses. + +Check if indices are valid before accessing them. + +Signed-off-by: Samanta Navarro <ferivoz@riseup.net> +--- + src/login_nopam.c | 4 ++-- + src/suauth.c | 3 ++- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/login_nopam.c b/src/login_nopam.c +index b09cffe4..18072a43 100644 +--- a/src/login_nopam.c ++++ b/src/login_nopam.c +@@ -100,7 +100,7 @@ int login_access (const char *user, const char *from) + int end; + lineno++; + end = (int) strlen (line) - 1; +- if (line[end] != '\n') { ++ if (line[0] == '\0' || line[end] != '\n') { + SYSLOG ((LOG_ERR, + "%s: line %d: missing newline or line too long", + TABLE, lineno)); +@@ -320,7 +320,7 @@ static bool from_match (const char *tok, const char *string) + if (strchr (string, '.') == NULL) { + return true; + } +- } else if ( (tok[(tok_len = strlen (tok)) - 1] == '.') /* network */ ++ } else if ( (tok[0] != '\0' && tok[(tok_len = strlen (tok)) - 1] == '.') /* network */ + && (strncmp (tok, resolve_hostname (string), tok_len) == 0)) { + return true; + } +diff --git a/src/suauth.c b/src/suauth.c +index 2641d334..d68a3340 100644 +--- a/src/suauth.c ++++ b/src/suauth.c +@@ -68,8 +68,9 @@ int check_su_auth (const char *actual_id, + + while (fgets (temp, sizeof (temp), authfile_fd) != NULL) { + lines++; ++ endline = strlen(temp) - 1; + +- if (temp[endline = strlen (temp) - 1] != '\n') { ++ if (temp[0] == '\0' || temp[endline] != '\n') { + SYSLOG ((LOG_ERR, + "%s, line %d: line too long or missing newline", + SUAUTHFILE, lines)); +-- +2.27.0 + |