
rpms/pam/devel pam-0.79-userdb-test-null.patch, NONE, 1.1 pam.spec, 1.83, 1.84



Author: tmraz

Update of /cvs/dist/rpms/pam/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv26767

Modified Files:
	pam.spec 
Added Files:
	pam-0.79-userdb-test-null.patch 
Log Message:
* Thu Jul 28 2005 Tomas Mraz <tmraz redhat com> 0.80-5
- fix NULL dereference in pam_userdb (#164418)


pam-0.79-userdb-test-null.patch:
 pam_userdb.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

--- NEW FILE pam-0.79-userdb-test-null.patch ---
--- Linux-PAM-0.79/modules/pam_userdb/pam_userdb.c.test-null	2004-09-28 15:49:26.000000000 +0200
+++ Linux-PAM-0.79/modules/pam_userdb/pam_userdb.c	2005-07-28 11:14:44.000000000 +0200
@@ -161,8 +161,8 @@
     }
 
     if (ctrl & PAM_DEBUG_ARG) {
-	_pam_log(LOG_INFO, "password in database is [%p]`%s', len is %d",
-		 data.dptr, (char *) data.dptr, data.dsize);
+	_pam_log(LOG_INFO, "password in database is [%p]`%.*s', len is %d",
+		 data.dptr, data.dsize, (char *) data.dptr, data.dsize);
     }
 
     if (data.dptr != NULL) {
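Review bot: The debug message on the added lines still runs before the `data.dptr != NULL` test that closes this hunk, so a failed lookup hands a null pointer to `%.*s`, and on a hit the stored password value is written to syslog (in plaintext when the module compares in plaintext mode, judging by the later hunk). Guarding the call with `if ((ctrl & PAM_DEBUG_ARG) && data.dptr != NULL)` and logging only the length, e.g. `_pam_log(LOG_INFO, "password entry found, len is %d", data.dsize);`, avoids both problems. If the contents must stay in the message, note that `%.*s` expects an `int` precision, so `(int) data.dsize` is needed should `dsize` have another type; its declaration is not visible here. The enclosing function starts and ends outside the hunk.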
@@ -174,7 +174,7 @@
 	    return 0; /* found it, data contents don't matter */
 	}
 
-	if (strncasecmp(cryptmode, "crypt", 5) == 0) {
+	if (cryptmode && strncasecmp(cryptmode, "crypt", 5) == 0) {
 
 	  /* crypt(3) password storage */
 
@@ -216,7 +216,8 @@
 	    compare = strncmp(data.dptr, pass, data.dsize);
 	}
 
-	  if (strncasecmp(cryptmode, "none", 4) && ctrl & PAM_DEBUG_ARG) {
+	  if (cryptmode && strncasecmp(cryptmode, "none", 4) 
+		&& (ctrl & PAM_DEBUG_ARG)) {
 	    _pam_log(LOG_INFO, "invalid value for crypt parameter: %s",
 		     cryptmode);
 	    _pam_log(LOG_INFO, "defaulting to plaintext password mode");
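Review bot: An unrecognised `crypt=` value still falls back to plaintext comparison, and the added condition reports it only when `PAM_DEBUG_ARG` is set, so a mistyped option weakens password storage handling with no trace in a normally configured system. The warning should not depend on the debug flag: `if (cryptmode && strncasecmp(cryptmode, "none", 4)) {` with `_pam_log(LOG_WARNING, "invalid value for crypt parameter: %s", cryptmode);`. Whether the module should instead refuse to authenticate on an invalid value is a policy decision worth recording in a comment next to the fallback. The block continues past the end of the hunk.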


Index: pam.spec
===================================================================
RCS file: /cvs/dist/rpms/pam/devel/pam.spec,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- pam.spec	26 Jul 2005 08:36:20 -0000	1.83
+++ pam.spec	28 Jul 2005 09:40:49 -0000	1.84
@@ -12,7 +12,7 @@
 Summary: A security tool which provides authentication for applications.
 Name: pam
 Version: 0.80
-Release: 4
+Release: 5
 License: GPL or BSD
 Group: System Environment/Base
 Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@@ -33,6 +33,7 @@
 Patch71: pam-0.80-install-perms.patch
 Patch72: pam-0.80-pie.patch
 Patch73: pam-0.80-cleanup.patch
+Patch74: pam-0.79-userdb-test-null.patch
 
 BuildRoot: %{_tmppath}/%{name}-root
 Requires: cracklib, cracklib-dicts >= 2.8, glib2, initscripts >= 3.94
@@ -96,6 +97,7 @@
 %patch71 -p1 -b .install-perms
 %patch72 -p1 -b .pie
 %patch73 -p1 -b .cleanup
+%patch74 -p1 -b .test-null
 
 for readme in modules/pam_*/README ; do
 	cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
@@ -368,6 +370,9 @@
 %{_libdir}/libpam_misc.so
 
 %changelog
+* Thu Jul 28 2005 Tomas Mraz <tmraz redhat com> 0.80-5
+- fix NULL dereference in pam_userdb (#164418)
+
 * Tue Jul 26 2005 Tomas Mraz <tmraz redhat com> 0.80-4
 - fix 64bit bug in pam_pwdb
 - don't crash in pam_unix if pam_get_data fail

