summaryrefslogtreecommitdiff
path: root/source/n/ppp
diff options
context:
space:
mode:
Diffstat (limited to 'source/n/ppp')
-rwxr-xr-xsource/n/ppp/ppp.SlackBuild10
-rw-r--r--source/n/ppp/ppp.crypt.diff64
2 files changed, 71 insertions, 3 deletions
diff --git a/source/n/ppp/ppp.SlackBuild b/source/n/ppp/ppp.SlackBuild
index f7732bd6..3c229953 100755
--- a/source/n/ppp/ppp.SlackBuild
+++ b/source/n/ppp/ppp.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright 2008, 2009, 2010 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2013 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -23,7 +23,7 @@
VERSION=2.4.5
RADVER=0.3.2
PPPVER=1.98
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
NUMJOBS=${NUMJOBS:-" -j7 "}
@@ -64,8 +64,12 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
-zcat $CWD/ppp.slack.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit
+zcat $CWD/ppp.slack.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1
sed -i -e "s#lib/pppd#lib${LIBDIRSUFFIX}/pppd#g" $(grep -lr 'lib/pppd' *)
+zcat $CWD/ppp.crypt.diff.gz | patch -p1 --verbose || exit 1
+
+# This conflicts with the header in 3.5+ kernels:
+rm -f include/linux/if_pppol2tp.h
./configure \
--prefix=/usr \
diff --git a/source/n/ppp/ppp.crypt.diff b/source/n/ppp/ppp.crypt.diff
new file mode 100644
index 00000000..2e39af2b
--- /dev/null
+++ b/source/n/ppp/ppp.crypt.diff
@@ -0,0 +1,64 @@
+From 04c4348108d847e034dd91066cc6843f60d71731 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@samba.org>
+Date: Sun, 20 May 2012 14:14:55 +1000
+Subject: [PATCH] pppd: Don't crash if crypt() returns NULL
+
+It is possible for crypt() to return NULL under some circumstances,
+so we need to check the return value before passing it to strcmp().
+If we do get NULL from crypt(), treat it as an authentication failure.
+
+Reported-by: Paul Wouters <pwouters@redhat.com>
+Signed-off-by: Paul Mackerras <paulus@samba.org>
+---
+ pppd/auth.c | 8 +++++---
+ pppd/session.c | 7 +++++--
+ 2 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/pppd/auth.c b/pppd/auth.c
+index fb71944..883b7f5 100644
+--- a/pppd/auth.c
++++ b/pppd/auth.c
+@@ -1442,9 +1442,11 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
+ }
+ if (secret[0] != 0 && !login_secret) {
+ /* password given in pap-secrets - must match */
+- if ((cryptpap || strcmp(passwd, secret) != 0)
+- && strcmp(crypt(passwd, secret), secret) != 0)
+- ret = UPAP_AUTHNAK;
++ if (cryptpap || strcmp(passwd, secret) != 0) {
++ char *cbuf = crypt(passwd, secret);
++ if (!cbuf || strcmp(cbuf, secret) != 0)
++ ret = UPAP_AUTHNAK;
++ }
+ }
+ }
+ fclose(f);
+diff --git a/pppd/session.c b/pppd/session.c
+index 32901a2..56385dd 100644
+--- a/pppd/session.c
++++ b/pppd/session.c
+@@ -178,6 +178,7 @@ session_start(flags, user, passwd, ttyName, msg)
+ bool try_session = 0;
+ #else /* #ifdef USE_PAM */
+ struct passwd *pw;
++ char *cbuf;
+ #ifdef HAS_SHADOW
+ struct spwd *spwd;
+ struct spwd *getspnam();
+@@ -348,8 +349,10 @@ session_start(flags, user, passwd, ttyName, msg)
+ /*
+ * If no passwd, don't let them login if we're authenticating.
+ */
+- if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2
+- || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0)
++ if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2)
++ return SESSION_FAILED;
++ cbuf = crypt(passwd, pw->pw_passwd);
++ if (!cbuf || strcmp(cbuf, pw->pw_passwd) != 0)
+ return SESSION_FAILED;
+ }
+
+--
+1.7.10.4
+
+