summaryrefslogtreecommitdiff
path: root/source/n/cyrus-sasl
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2013-11-04 17:08:47 +0000
committerEric Hameleers <alien@slackware.com>2018-05-31 22:57:36 +0200
commit76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (patch)
tree9b98e6e193c7870cb27ac861394c1c4592850922 /source/n/cyrus-sasl
parent9664bee729d487bcc0a0bc35859f8e13d5421c75 (diff)
downloadcurrent-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.gz
Slackware 14.1slackware-14.1
Mon Nov 4 17:08:47 UTC 2013 Slackware 14.1 x86_64 stable is released! It's been another interesting release cycle here at Slackware bringing new features like support for UEFI machines, updated compilers and development tools, the switch from MySQL to MariaDB, and many more improvements throughout the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-)
Diffstat (limited to 'source/n/cyrus-sasl')
-rw-r--r--source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff105
-rwxr-xr-xsource/n/cyrus-sasl/cyrus-sasl.SlackBuild7
-rw-r--r--source/n/cyrus-sasl/rc.saslauthd2
3 files changed, 111 insertions, 3 deletions
diff --git a/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff b/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff
new file mode 100644
index 00000000..2cbb4860
--- /dev/null
+++ b/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff
@@ -0,0 +1,105 @@
+From 0626e86d2e1d0be63a56918371a15d98cfad19d1 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Tue, 9 Jul 2013
+Subject: Handle NULL returns from glibc 2.17+ crypt().
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+When using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+---
+ pwcheck/pwcheck_getpwnam.c | 3 ++-
+ pwcheck/pwcheck_getspnam.c | 3 ++-
+ saslauthd/auth_getpwent.c | 3 ++-
+ saslauthd/auth_shadow.c | 7 ++-----
+ 4 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/pwcheck/pwcheck_getpwnam.c
++++ b/pwcheck/pwcheck_getpwnam.c
+@@ -32,6 +32,7 @@ extern char *crypt();
+ char *password;
+ {
+ char* r;
++ char* crpt_passwd;
+ struct passwd *pwd;
+
+ pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@ char *password;
+ else if (pwd->pw_passwd[0] == '*') {
+ r = "Account disabled";
+ }
+- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
++ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ r = "Incorrect password";
+ }
+ else {
+--- a/pwcheck/pwcheck_getspnam.c
++++ b/pwcheck/pwcheck_getspnam.c
+@@ -30,6 +30,7 @@ extern char *crypt();
+ char *pwcheck(userid, password)
+ char *userid;
+ char *password;
++char *crpt_passwd;
+ {
+ struct spwd *pwd;
+
+@@ -38,7 +39,7 @@ char *password;
+ return "Userid not found";
+ }
+
+- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
++ if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
+ return "Incorrect password";
+ }
+ else {
+--- a/saslauthd/auth_getpwent.c
++++ b/saslauthd/auth_getpwent.c
+@@ -70,6 +70,7 @@ auth_getpwent (
+ {
+ /* VARIABLES */
+ struct passwd *pw; /* pointer to passwd file entry */
++ char *crpt_passwd; /* encrypted password */
+ /* END VARIABLES */
+
+ pw = getpwnam(login);
+@@ -79,7 +80,7 @@ auth_getpwent (
+ RETURN("NO");
+ }
+
+- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++ if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ RETURN("NO");
+ }
+
+--- a/saslauthd/auth_shadow.c
++++ b/saslauthd/auth_shadow.c
+@@ -180,16 +180,13 @@ auth_shadow (
+ * not returning any information about a login until we have validated
+ * the password.
+ */
+- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+- if (strcmp(sp->sp_pwdp, cpw)) {
++ if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ sp->sp_pwdp, cpw);
+ }
+- free(cpw);
+ RETURN("NO");
+ }
+- free(cpw);
+
+ /*
+ * The following fields will be set to -1 if:
+@@ -251,7 +250,7 @@ auth_shadow (
+ RETURN("NO");
+ }
+
+- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ password, upw->upw_passwd);
diff --git a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
index eea8e190..c47821d5 100755
--- a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
+++ b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright 2008, 2009, 2010 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2008, 2009, 2010, 2013 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -22,7 +22,7 @@
PKGNAM=cyrus-sasl
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-4}
+BUILD=${BUILD:-5}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -62,6 +62,9 @@ cd cyrus-sasl-$VERSION || exit 1
# Fix compiling:
zcat $CWD/cyrus-sasl.bad_elif.diff.gz | patch -p1 --verbose || exit 1
+# Fix for glibc-2.17 crypt() NULL return:
+zcat $CWD/cyrus-sasl-2.1.23-glibc217-crypt.diff.gz | patch -p1 --verbose || exit 1
+
chown -R root:root .
find . -perm 777 -exec chmod 755 {} \;
find . -perm 664 -exec chmod 644 {} \;
diff --git a/source/n/cyrus-sasl/rc.saslauthd b/source/n/cyrus-sasl/rc.saslauthd
index 8b69a710..8a01ac65 100644
--- a/source/n/cyrus-sasl/rc.saslauthd
+++ b/source/n/cyrus-sasl/rc.saslauthd
@@ -3,7 +3,7 @@
#
# saslauthd is a daemon process that handles plaintext authentication
# requests on behalf of the SASL library. The CMU Cyrus SASL library
-# is a general purpose authentication library for sever and client
+# is a general purpose authentication library for server and client
# applications. It is mostly used to authenticate to mail servers.
#
# saslauthd should be started from the system boot scripts when going