mirror of
https://gitlab.com/CinnamonSlackBuilds/csb.git
synced 2024-12-30 10:23:52 +01:00
53 lines
1.9 KiB
Diff
53 lines
1.9 KiB
Diff
|
From 57a1e2b274d0a6376d92ada9926e5c5741e7da20 Mon Sep 17 00:00:00 2001
|
||
|
From: "Dmitry V. Levin" <ldv@altlinux.org>
|
||
|
Date: Fri, 24 Jan 2014 22:18:32 +0000
|
||
|
Subject: [PATCH] pam_userdb: fix password hash comparison
|
||
|
|
||
|
Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed
|
||
|
passwords support in pam_userdb, hashes are compared case-insensitively.
|
||
|
This bug leads to accepting hashes for completely different passwords in
|
||
|
addition to those that should be accepted.
|
||
|
|
||
|
Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for
|
||
|
modern password hashes with different lengths and settings, did not
|
||
|
update the hash comparison accordingly, which leads to accepting
|
||
|
computed hashes longer than stored hashes when the latter is a prefix
|
||
|
of the former.
|
||
|
|
||
|
* modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed
|
||
|
hash whose length differs from the stored hash length.
|
||
|
Compare computed and stored hashes case-sensitively.
|
||
|
Fixes CVE-2013-7041.
|
||
|
|
||
|
Bug-Debian: http://bugs.debian.org/731368
|
||
|
---
|
||
|
modules/pam_userdb/pam_userdb.c | 9 ++++++---
|
||
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
||
|
|
||
|
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
|
||
|
index de8b5b1..ff040e6 100644
|
||
|
--- a/modules/pam_userdb/pam_userdb.c
|
||
|
+++ b/modules/pam_userdb/pam_userdb.c
|
||
|
@@ -222,12 +222,15 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
|
||
|
} else {
|
||
|
cryptpw = crypt (pass, data.dptr);
|
||
|
|
||
|
- if (cryptpw) {
|
||
|
- compare = strncasecmp (data.dptr, cryptpw, data.dsize);
|
||
|
+ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
|
||
|
+ compare = memcmp(data.dptr, cryptpw, data.dsize);
|
||
|
} else {
|
||
|
compare = -2;
|
||
|
if (ctrl & PAM_DEBUG_ARG) {
|
||
|
- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
|
||
|
+ if (cryptpw)
|
||
|
+ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
|
||
|
+ else
|
||
|
+ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
|
||
|
}
|
||
|
};
|
||
|
|
||
|
--
|
||
|
1.8.3.1
|
||
|
|