slackware-current/source/kde/patch/kde-workspace/kde-workspace.shadow.changeset_r7777194da6154375fc8103b8c4e29e385cd7ae2e.diff

commit 7777194da6154375fc8103b8c4e29e385cd7ae2e
Author: Michael Pyne <mpyne@kde.org>
Date:   Sat Jun 29 16:13:20 2013 -0400

    kdm, kcheckpass: Check for NULL return from crypt(3) and friends.
    
    Potential issue noted and fixed by Mancha <mancha1@hush.com>.
    
    Patch reviewed by myself and ossi. Review request was closed out by the
    backport commit.

diff --git a/kcheckpass/checkpass_etcpasswd.c b/kcheckpass/checkpass_etcpasswd.c
index 1dbe06f..e261b7c 100644
--- a/kcheckpass/checkpass_etcpasswd.c
+++ b/kcheckpass/checkpass_etcpasswd.c
@@ -35,6 +35,7 @@ AuthReturn Authenticate(const char *method,
 {
   struct passwd *pw;
   char *passwd;
+  char *crpt_passwd;
 
   if (strcmp(method, "classic"))
     return AuthError;
@@ -49,7 +50,7 @@ AuthReturn Authenticate(const char *method,
   if (!(passwd = conv(ConvGetHidden, 0)))
     return AuthAbort;
 
-  if (!strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd))) {
+  if ((crpt_passwd = crypt(passwd, pw->pw_passwd)) && !strcmp(pw->pw_passwd, crpt_passwd)) {
     dispose(passwd);
     return AuthOk; /* Success */
   }
diff --git a/kcheckpass/checkpass_osfc2passwd.c b/kcheckpass/checkpass_osfc2passwd.c
index 9a074f9..d181233 100644
--- a/kcheckpass/checkpass_osfc2passwd.c
+++ b/kcheckpass/checkpass_osfc2passwd.c
@@ -38,6 +38,7 @@ AuthReturn Authenticate(const char *method,
         const char *login, char *(*conv) (ConvRequest, const char *))
 {
   char *passwd;
+  char *crpt_passwd;
   char c2passwd[256];
 
   if (strcmp(method, "classic"))
@@ -52,7 +53,7 @@ AuthReturn Authenticate(const char *method,
   if (!(passwd = conv(ConvGetHidden, 0)))
     return AuthAbort;
 
-  if (!strcmp(c2passwd, osf1c2crypt(passwd, c2passwd))) {
+  if ((crpt_passwd = osf1c2crypt(passwd, c2passwd)) && !strcmp(c2passwd, crpt_passwd)) {
     dispose(passwd);
     return AuthOk; /* Success */
   }
diff --git a/kcheckpass/checkpass_shadow.c b/kcheckpass/checkpass_shadow.c
index ec3a4e0..c0f6913 100644
--- a/kcheckpass/checkpass_shadow.c
+++ b/kcheckpass/checkpass_shadow.c
@@ -69,7 +69,7 @@ AuthReturn Authenticate(const char *method,
   crpt_passwd = crypt(typed_in_password, password);
 #endif
 
-  if (!strcmp(password, crpt_passwd )) {
+  if (crpt_passwd && !strcmp(password, crpt_passwd )) {
     dispose(typed_in_password);
     return AuthOk; /* Success */
   }
diff --git a/kdm/backend/client.c b/kdm/backend/client.c
index bdff6da..26bb0b4 100644
--- a/kdm/backend/client.c
+++ b/kdm/backend/client.c
@@ -540,6 +540,9 @@ verify(GConvFunc gconv, int rootok)
 # if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
     int tim, expir, warntime, quietlog;
 # endif
+# if !defined(ultrix) && !defined(__ultrix__) && (defined(HAVE_PW_ENCRYPT) || defined(HAVE_CRYPT))
+    char *crpt_passwd;
+# endif
 #endif
 
     debug("verify ...\n");
@@ -752,9 +755,9 @@ verify(GConvFunc gconv, int rootok)
 # if defined(ultrix) || defined(__ultrix__)
     if (authenticate_user(p, curpass, 0) < 0)
 # elif defined(HAVE_PW_ENCRYPT)
-    if (strcmp(pw_encrypt(curpass, p->pw_passwd), p->pw_passwd))
+    if (!(crpt_passwd = pw_encrypt(curpass, p->pw_passwd)) || strcmp(crpt_passwd, p->pw_passwd))
 # elif defined(HAVE_CRYPT)
-    if (strcmp(crypt(curpass, p->pw_passwd), p->pw_passwd))
+    if (!(crpt_passwd = crypt(curpass, p->pw_passwd)) || strcmp(crpt_passwd, p->pw_passwd))
 # else
     if (strcmp(curpass, p->pw_passwd))
 # endif
Slackware 14.1 Mon Nov 4 17:08:47 UTC 2013 Slackware 14.1 x86_64 stable is released! It's been another interesting release cycle here at Slackware bringing new features like support for UEFI machines, updated compilers and development tools, the switch from MySQL to MariaDB, and many more improvements throughout the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-) 2013-11-04 17:08:47 +00:00			`commit 7777194da6154375fc8103b8c4e29e385cd7ae2e`
			`Author: Michael Pyne <mpyne@kde.org>`
			`Date: Sat Jun 29 16:13:20 2013 -0400`

			`kdm, kcheckpass: Check for NULL return from crypt(3) and friends.`

			`Potential issue noted and fixed by Mancha <mancha1@hush.com>.`

			`Patch reviewed by myself and ossi. Review request was closed out by the`
			`backport commit.`

			`diff --git a/kcheckpass/checkpass_etcpasswd.c b/kcheckpass/checkpass_etcpasswd.c`
			`index 1dbe06f..e261b7c 100644`
			`--- a/kcheckpass/checkpass_etcpasswd.c`
			`+++ b/kcheckpass/checkpass_etcpasswd.c`
			`@@ -35,6 +35,7 @@ AuthReturn Authenticate(const char *method,`
			`{`
			`struct passwd *pw;`
			`char *passwd;`
			`+ char *crpt_passwd;`

			`if (strcmp(method, "classic"))`
			`return AuthError;`
			`@@ -49,7 +50,7 @@ AuthReturn Authenticate(const char *method,`
			`if (!(passwd = conv(ConvGetHidden, 0)))`
			`return AuthAbort;`

			`- if (!strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd))) {`
			`+ if ((crpt_passwd = crypt(passwd, pw->pw_passwd)) && !strcmp(pw->pw_passwd, crpt_passwd)) {`
			`dispose(passwd);`
			`return AuthOk; /* Success */`
			`}`
			`diff --git a/kcheckpass/checkpass_osfc2passwd.c b/kcheckpass/checkpass_osfc2passwd.c`
			`index 9a074f9..d181233 100644`
			`--- a/kcheckpass/checkpass_osfc2passwd.c`
			`+++ b/kcheckpass/checkpass_osfc2passwd.c`
			`@@ -38,6 +38,7 @@ AuthReturn Authenticate(const char *method,`
			`const char login, char (conv) (ConvRequest, const char ))`
			`{`
			`char *passwd;`
			`+ char *crpt_passwd;`
			`char c2passwd[256];`

			`if (strcmp(method, "classic"))`
			`@@ -52,7 +53,7 @@ AuthReturn Authenticate(const char *method,`
			`if (!(passwd = conv(ConvGetHidden, 0)))`
			`return AuthAbort;`

			`- if (!strcmp(c2passwd, osf1c2crypt(passwd, c2passwd))) {`
			`+ if ((crpt_passwd = osf1c2crypt(passwd, c2passwd)) && !strcmp(c2passwd, crpt_passwd)) {`
			`dispose(passwd);`
			`return AuthOk; /* Success */`
			`}`
			`diff --git a/kcheckpass/checkpass_shadow.c b/kcheckpass/checkpass_shadow.c`
			`index ec3a4e0..c0f6913 100644`
			`--- a/kcheckpass/checkpass_shadow.c`
			`+++ b/kcheckpass/checkpass_shadow.c`
			`@@ -69,7 +69,7 @@ AuthReturn Authenticate(const char *method,`
			`crpt_passwd = crypt(typed_in_password, password);`
			`#endif`

			`- if (!strcmp(password, crpt_passwd )) {`
			`+ if (crpt_passwd && !strcmp(password, crpt_passwd )) {`
			`dispose(typed_in_password);`
			`return AuthOk; /* Success */`
			`}`
			`diff --git a/kdm/backend/client.c b/kdm/backend/client.c`
			`index bdff6da..26bb0b4 100644`
			`--- a/kdm/backend/client.c`
			`+++ b/kdm/backend/client.c`
			`@@ -540,6 +540,9 @@ verify(GConvFunc gconv, int rootok)`
			`# if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) \|\| defined(USESHADOW)`
			`int tim, expir, warntime, quietlog;`
			`# endif`
			`+# if !defined(ultrix) && !defined(__ultrix__) && (defined(HAVE_PW_ENCRYPT) \|\| defined(HAVE_CRYPT))`
			`+ char *crpt_passwd;`
			`+# endif`
			`#endif`

			`debug("verify ...\n");`
			`@@ -752,9 +755,9 @@ verify(GConvFunc gconv, int rootok)`
			`# if defined(ultrix) \|\| defined(__ultrix__)`
			`if (authenticate_user(p, curpass, 0) < 0)`
			`# elif defined(HAVE_PW_ENCRYPT)`
			`- if (strcmp(pw_encrypt(curpass, p->pw_passwd), p->pw_passwd))`
			`+ if (!(crpt_passwd = pw_encrypt(curpass, p->pw_passwd)) \|\| strcmp(crpt_passwd, p->pw_passwd))`
			`# elif defined(HAVE_CRYPT)`
			`- if (strcmp(crypt(curpass, p->pw_passwd), p->pw_passwd))`
			`+ if (!(crpt_passwd = crypt(curpass, p->pw_passwd)) \|\| strcmp(crpt_passwd, p->pw_passwd))`
			`# else`
			`if (strcmp(curpass, p->pw_passwd))`
			`# endif`