From 2c74875e63e18fb8f3e0fd414d8e357637b7ff68 Mon Sep 17 00:00:00 2001 From: spz Date: Tue, 13 Dec 2011 15:57:08 +0000 Subject: added prevention of CVE-2011-4122 taken from NetBSD src --- security/openpam/Makefile | 4 +++- security/openpam/distinfo | 4 ++-- security/openpam/patches/patch-ab | 20 ++++++++++++++++++-- 3 files changed, 23 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/openpam/Makefile b/security/openpam/Makefile index a365713f7a3..0c6f09f2b11 100644 --- a/security/openpam/Makefile +++ b/security/openpam/Makefile @@ -1,12 +1,14 @@ -# $NetBSD: Makefile,v 1.15 2008/02/18 16:48:12 jlam Exp $ +# $NetBSD: Makefile,v 1.16 2011/12/13 15:57:08 spz Exp $ DISTNAME= openpam-20071221 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openpam/} +PKGREVISION= 1 MAINTAINER= joerg@NetBSD.org HOMEPAGE= http://www.openpam.org/ COMMENT= Open-source PAM library +LICENSE= modified-bsd PKG_DESTDIR_SUPPORT= user-destdir diff --git a/security/openpam/distinfo b/security/openpam/distinfo index 8c3475797ca..8a5e33b510e 100644 --- a/security/openpam/distinfo +++ b/security/openpam/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.7 2008/02/18 18:22:18 jlam Exp $ +$NetBSD: distinfo,v 1.8 2011/12/13 15:57:08 spz Exp $ SHA1 (openpam-20071221.tar.gz) = 43d41fa4a86199077c4fe193c52c59365f4c317e RMD160 (openpam-20071221.tar.gz) = cd8f7e94984693b0f892f226bfed6a3f9b24ec72 Size (openpam-20071221.tar.gz) = 396932 bytes -SHA1 (patch-ab) = 8ade188799693e6d7c28f27faf060c645c5d97c5 +SHA1 (patch-ab) = 2405cccb175e58914e36a26ac8aa896a1334b145 SHA1 (patch-ac) = 72fb5ffb67edf9892e6c2db5485fdf51ea4b50ce SHA1 (patch-ad) = 08b0dbd2d84c4239ea898f137d2f0ed7f7476d74 SHA1 (patch-ae) = 4f31bdde2cca94377c4e3ac8e4d42512764b3fac diff --git a/security/openpam/patches/patch-ab b/security/openpam/patches/patch-ab index 08b053bf302..a85cf810dd8 100644 --- a/security/openpam/patches/patch-ab +++ b/security/openpam/patches/patch-ab 
@@ -1,6 +1,9 @@ -$NetBSD: patch-ab,v 1.3 2008/02/18 18:22:18 jlam Exp $ +$NetBSD: patch-ab,v 1.4 2011/12/13 15:57:08 spz Exp $ ---- lib/openpam_configure.c.orig 2007-12-21 06:36:24.000000000 -0500 +- pkgsrcification +- prevention of CVE-2011-4122 taken from NetBSD src + +--- lib/openpam_configure.c.orig 2007-12-21 11:36:24.000000000 +0000 +++ lib/openpam_configure.c @@ -70,7 +70,7 @@ static int match_word(const char *str, const char *word) @@ -47,3 +50,16 @@ $NetBSD: patch-ab,v 1.3 2008/02/18 18:22:18 jlam Exp $ NULL }; +@@ -285,6 +287,12 @@ openpam_load_chain(pam_handle_t *pamh, + size_t len; + int r; + ++ /* Don't allow an escape from policy_path. */ ++ if (strchr(service, '/') != NULL) { ++ openpam_log(PAM_LOG_ERROR, "illegal service \"%s\"", service); ++ return (-PAM_SYSTEM_ERR); ++ } ++ + for (path = openpam_policy_path; *path != NULL; ++path) { + len = strlen(*path); + if ((*path)[len - 1] == '/') { -- cgit v1.2.3
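Review bot: The added `openpam_log(PAM_LOG_ERROR, "illegal service \"%s\"", service)` writes a name that has just failed validation into the log verbatim, so its length and any control characters reach the log unless the backend escapes them, which is not visible in this hunk. A bounded form such as `"illegal service \"%.64s\""` would keep a hostile caller from shaping or flooding log lines. The guard itself rejects only `/`, which blocks the directory escape, but an allowlist of the characters valid in a policy file name (and a non-empty check) would be a tighter contract than a one-character denylist. The comment could also say why the check lives here, e.g. `/* service is caller-supplied and is presumably appended to each policy_path directory below; a '/' would let it name a file outside them */`. The body of openpam_load_chain starts before and continues past this hunk, so whether `service` can be NULL at the `strchr` call cannot be confirmed from here.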