mirror of
https://gitlab.com/CinnamonSlackBuilds/csb.git
synced 2024-12-26 21:59:28 +01:00
dfe444c0ce
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackware-id.org>
52 lines
1.9 KiB
Diff
52 lines
1.9 KiB
Diff
From 57a1e2b274d0a6376d92ada9926e5c5741e7da20 Mon Sep 17 00:00:00 2001
|
|
From: "Dmitry V. Levin" <ldv@altlinux.org>
|
|
Date: Fri, 24 Jan 2014 22:18:32 +0000
|
|
Subject: [PATCH] pam_userdb: fix password hash comparison
|
|
|
|
Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed
|
|
passwords support in pam_userdb, hashes are compared case-insensitively.
|
|
This bug leads to accepting hashes for completely different passwords in
|
|
addition to those that should be accepted.
|
|
|
|
Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for
|
|
modern password hashes with different lengths and settings, did not
|
|
update the hash comparison accordingly, which leads to accepting
|
|
computed hashes longer than stored hashes when the latter is a prefix
|
|
of the former.
|
|
|
|
* modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed
|
|
hash whose length differs from the stored hash length.
|
|
Compare computed and stored hashes case-sensitively.
|
|
Fixes CVE-2013-7041.
|
|
|
|
Bug-Debian: http://bugs.debian.org/731368
|
|
---
|
|
modules/pam_userdb/pam_userdb.c | 9 ++++++---
|
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
|
|
index de8b5b1..ff040e6 100644
|
|
--- a/modules/pam_userdb/pam_userdb.c
|
|
+++ b/modules/pam_userdb/pam_userdb.c
|
|
@@ -222,12 +222,15 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
|
|
} else {
|
|
cryptpw = crypt (pass, data.dptr);
|
|
|
|
- if (cryptpw) {
|
|
- compare = strncasecmp (data.dptr, cryptpw, data.dsize);
|
|
+ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
|
|
+ compare = memcmp(data.dptr, cryptpw, data.dsize);
|
|
} else {
|
|
compare = -2;
|
|
if (ctrl & PAM_DEBUG_ARG) {
|
|
- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
|
|
+ if (cryptpw)
|
|
+ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
|
|
+ else
|
|
+ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
|
|
}
|
|
};
|
|
|
|
--
|
|
1.8.3.1
|
|
|