rpms/shadow-utils/devel shadow-4.0.18.1-overflow.patch, NONE, 1.1 shadow-utils.spec, 1.88, 1.89

[fedora-cvs-commits at redhat.com]

Author: pvrabec

Update of /cvs/dist/rpms/shadow-utils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv11216

Modified Files:
	shadow-utils.spec 
Added Files:
	shadow-4.0.18.1-overflow.patch 
Log Message:
fix chpasswd and chgpasswd stack overflow (#213052)


shadow-4.0.18.1-overflow.patch:
 chgpasswd.c |    8 ++++++--
 chpasswd.c  |    8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

--- NEW FILE shadow-4.0.18.1-overflow.patch ---
--- shadow-4.0.17/src/chpasswd.c.overflow	2006-11-08 11:09:32.000000000 +0100
+++ shadow-4.0.17/src/chpasswd.c	2006-11-08 13:13:15.000000000 +0100
@@ -239,9 +239,13 @@
 		newpwd = cp;
 		if (!eflg) {
 			if (md5flg) {
-				char salt[12] = "$1$";
+				char tmp[12];
+				char salt[15] = "\0";
 
-				strcat (salt, crypt_make_salt ());
+				strcpy( tmp, crypt_make_salt ());
+				if( !strncmp( tmp, "$1$", 3) )
+					strcat( salt, "$1$");
+				strcat( salt, tmp);
 				cp = pw_encrypt (newpwd, salt);
 			} else
 				cp = pw_encrypt (newpwd, crypt_make_salt ());
--- shadow-4.0.17/src/chgpasswd.c.overflow	2006-11-08 13:13:40.000000000 +0100
+++ shadow-4.0.17/src/chgpasswd.c	2006-11-08 13:17:24.000000000 +0100
@@ -243,9 +243,13 @@
 		newpwd = cp;
 		if (!eflg) {
 			if (md5flg) {
-				char salt[12] = "$1$";
+				char tmp[12];
+				char salt[15] = "\0";
 
-				strcat (salt, crypt_make_salt ());
+				strcpy( tmp, crypt_make_salt ());
+				if( !strncmp( tmp, "$1$", 3) )
+					strcat( salt, "$1$");
+				strcat( salt, tmp);
 				cp = pw_encrypt (newpwd, salt);
 			} else
 				cp = pw_encrypt (newpwd, crypt_make_salt ());


Index: shadow-utils.spec
===================================================================
RCS file: /cvs/dist/rpms/shadow-utils/devel/shadow-utils.spec,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -r1.88 -r1.89
--- shadow-utils.spec	4 Nov 2006 13:26:21 -0000	1.88
+++ shadow-utils.spec	14 Nov 2006 10:07:36 -0000	1.89
@@ -5,7 +5,7 @@
 Summary: Utilities for managing accounts and shadow password files.
 Name: shadow-utils
 Version: 4.0.18.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 Epoch: 2
 URL: http://shadow.pld.org.pl/
 Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
@@ -22,6 +22,7 @@
 Patch7: shadow-4.0.17-exitValues.patch
 Patch8: shadow-4.0.17-auditLogging.patch
 Patch9: shadow-4.0.18.1-gid.patch
+Patch10: shadow-4.0.18.1-overflow.patch
 
 License: BSD
 Group: System Environment/Base
@@ -61,6 +62,7 @@
 %patch7 -p1 -b .exitValues
 %patch8 -p1 -b .auditLogging
 %patch9 -p1 -b .gid
+%patch10 -p1 -b .overflow
 
 rm po/*.gmo
 rm po/stamp-po
@@ -215,6 +217,9 @@
 %{_mandir}/*/man8/faillog.8*
 
 %changelog
+* Tue Nov 14 2006 Peter Vrabec <pvrabec at redhat.com> 2:4.0.18.1-4
+- fix chpasswd and chgpasswd stack overflow (#213052)
+
 * Sat Nov 04 2006 Peter Vrabec <pvrabec at redhat.com> 2:4.0.18.1-3
 - fix "-g" and "-G" option.