rpms/busybox/FC-4 busybox-1.00-cve-2006-1058.patch, NONE, 1.1 busybox.spec, 1.26, 1.27
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu May 4 09:38:17 UTC 2006
Author: varekova
Update of /cvs/dist/rpms/busybox/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv13433
Modified Files:
busybox.spec
Added Files:
busybox-1.00-cve-2006-1058.patch
Log Message:
fix CVE-2006-1058 - BusyBox passwd command
fails to generate password with salt (#187386)
busybox-1.00-cve-2006-1058.patch:
passwd.c | 64 +++++++++++++++++++++++----------------------------------------
1 files changed, 24 insertions(+), 40 deletions(-)
--- NEW FILE busybox-1.00-cve-2006-1058.patch ---
--- busybox-1.00/loginutils/passwd.c.pom 2004-09-15 04:39:09.000000000 +0200
+++ busybox-1.00/loginutils/passwd.c 2006-05-03 13:20:54.000000000 +0200
@@ -20,17 +20,6 @@
static int new_password(const struct passwd *pw, int amroot, int algo);
static void set_filesize_limit(int blocks);
-
-int get_algo(char *a)
-{
- int x = 1; /* standard: MD5 */
-
- if (strcasecmp(a, "des") == 0)
- x = 0;
- return x;
-}
-
-
extern int update_passwd(const struct passwd *pw, char *crypt_pw)
{
char filename[1024];
@@ -130,6 +119,13 @@
}
}
+/*
+ * get_algo() returns:
+ * FALSE: in case of traditional MD5
+ * TRUE : in case of short SALT MD5
+ */
+#define get_algo(a) (!strcasecmp(a, "des"))
+
extern int passwd_main(int argc, char **argv)
{
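Review bot: The `get_algo` macro inverts the function it replaces: the removed `get_algo()` returned 0 for "des" and 1 (MD5) for anything else, whereas `!strcasecmp(a, "des")` is 1 exactly when the argument is "des". The hunk further down treats a true `algo` as the MD5 case (`$1$` plus an 8-character salt) and a false one as the 2-character DES salt, so if passwd_main still assigns `algo = get_algo(optarg)` the way the removed function was used, `-a des` would produce an MD5 hash and `-a md5` a DES one; passwd_main itself starts outside this hunk, so that call is inferred. The comment above the macro also describes the true case as "short SALT MD5", which matches neither the macro nor the branch in new_password. A definition that preserves the old meaning is `#define get_algo(a) (strcasecmp(a, "des") != 0)` with the comment `/* get_algo(): 1 for MD5 ("$1$" + 8-char salt), 0 for DES (2-char salt) */`.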
@@ -286,33 +282,19 @@
return 0;
}
-static int i64c(int i)
-{
- if (i <= 0)
- return ('.');
- if (i == 1)
- return ('/');
- if (i >= 2 && i < 12)
- return ('0' - 2 + i);
- if (i >= 12 && i < 38)
- return ('A' - 12 + i);
- if (i >= 38 && i < 63)
- return ('a' - 38 + i);
- return ('z');
-}
+const unsigned char bb_base64[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJLKMNOPQRSTUVWXYZ0123456789./";
+#define bb_i64c(a) (bb_base64[((unsigned char)(a))%64])
-static char *crypt_make_salt(void)
+static void bb_read_random64_string(unsigned char *str, int len)
{
- time_t now;
- static unsigned long x;
- static char result[3];
-
- time(&now);
- x += now + getpid() + clock();
- result[0] = i64c(((x >> 18) ^ (x >> 6)) & 077);
- result[1] = i64c(((x >> 12) ^ x) & 077);
- result[2] = '\0';
- return result;
+ int i;
+ FILE *fp;
+ if(!(fp = fopen("/dev/random", "r")))
+ bb_perror_msg_and_die("open /dev/random");
+ bb_xread_all(fileno(fp), str, len);
+ for(i = 0; i < len; i++)
+ str[i] = bb_i64c(str[i]);
+ str[i] = 0; //close the string
}
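Review bot: `bb_read_random64_string` never closes the stream it opens, so each call leaks a `FILE` and its descriptor; add `fclose(fp);` after the `bb_xread_all` call (or use `open()`/`close()` on a plain fd). Two smaller points in the same hunk: `bb_base64` is a non-static global, wider than the file-local helpers it replaces, so `static const unsigned char bb_base64[]` would keep it out of the link namespace, and its uppercase run reads `...IJLK...`, a transposition that is harmless (the table still holds 64 distinct characters and the `% 64` index in `bb_i64c` maps each byte value evenly onto them) but looks unintended. Reading `/dev/random` can block when the kernel entropy pool is low, so a password change may hang on a quiet system; a salt is not secret, and `/dev/urandom` is the customary source for it, though keeping the blocking device is defensible. The helper also writes the terminator at `str[len]`, so callers must supply `len + 1` bytes; a comment stating that contract would help: `/* str must have room for len + 1 bytes; result is NUL-terminated */`.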
@@ -324,6 +306,7 @@
char orig[200];
char pass[200];
time_t start, now;
+ unsigned char salt[12] = "$1$";
if (!amroot && crypt_passwd[0]) {
if (!(clear = bb_askpass(0, "Old password:"))) {
@@ -382,10 +365,11 @@
bzero(cp, strlen(cp));
bzero(orig, sizeof(orig));
- if (algo == 1) {
- cp = pw_encrypt(pass, "$1$");
- } else
- cp = pw_encrypt(pass, crypt_make_salt());
+ if(algo)
+ bb_read_random64_string(&salt[3], 8);
+ else
+ bb_read_random64_string(salt, 2);
+ cp = pw_encrypt(pass,salt);
bzero(pass, sizeof pass);
safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
return 0;
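Review bot: The DES branch overwrites the `"$1$"` initializer with the two random characters and relies on `bb_read_random64_string` placing the terminator at `salt[2]`, a coupling that is not visible at the call site; a comment such as `/* DES: two-character salt replaces "$1$"; the helper writes the NUL at salt[2] */` on that branch and `/* MD5: "$1$" + 8 salt characters, NUL at salt[11] */` on the other would also tie the 8 to the 12-byte buffer declared earlier in new_password. `salt` is declared `unsigned char[]` while `pw_encrypt` presumably takes a `char *` salt (its prototype is not in the hunk), so `cp = pw_encrypt(pass, (char *)salt);` would avoid a pointer-sign warning. The enclosing new_password() body starts before this hunk.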
Index: busybox.spec
===================================================================
RCS file: /cvs/dist/rpms/busybox/FC-4/busybox.spec,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- busybox.spec 11 May 2005 07:55:17 -0000 1.26
+++ busybox.spec 4 May 2006 09:38:14 -0000 1.27
@@ -1,7 +1,7 @@
Summary: Statically linked binary providing simplified versions of system commands
Name: busybox
Version: 1.00
-Release: 5
+Release: 5.fc4
Epoch: 1
License: GPL
Group: System Environment/Shells
@@ -10,6 +10,7 @@
Patch1: busybox-anaconda.patch
Patch2: busybox-selinux.patch
Patch3: busybox-1.00-declar.patch
+Patch4: busybox-1.00-cve-2006-1058.patch
URL: http://www.busybox.net
BuildRoot: %{_tmppath}/%{name}-root
BuildRequires: libselinux-devel
@@ -39,6 +40,7 @@
%patch -b .static -p1
#%patch1 -b .anaconda -p1
%patch3 -b .declar -p1
+%patch4 -b .cve-2006-1058 -p1
%build
make defconfig
@@ -76,6 +78,10 @@
/sbin/busybox.anaconda
%changelog
+* Thu May 4 2006 Ivana Varekova <varekova at redhat.com> - 1.00-5.fc4
+- fix CVE-2006-1058 - BusyBox passwd command
+ fails to generate password with salt (#187386)
+
* Tue May 11 2005 Ivana Varekova <varekova at redhat.com> - 1.00-5
- add debug files to debug_package