From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: cracklib: Fix buffer overflow Date: Thu, 15 Sep 2016 11:36:46 -0400 Message-ID: <20160915153646.GA31020@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="cmJC7u66zC7hs+87" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:37937) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bkYil-0000mw-If for guix-devel@gnu.org; Thu, 15 Sep 2016 11:37:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bkYig-0001aL-VG for guix-devel@gnu.org; Thu, 15 Sep 2016 11:37:03 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:48493) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bkYif-0001WO-Fl for guix-devel@gnu.org; Thu, 15 Sep 2016 11:36:58 -0400 Received: from localhost (unknown [172.56.4.242]) by mail.messagingengine.com (Postfix) with ESMTPA id D9554CCE8B for ; Thu, 15 Sep 2016 11:36:49 -0400 (EDT) Content-Disposition: inline List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org --cmJC7u66zC7hs+87 Content-Type: multipart/mixed; boundary="HlL+5n6rz5pIUxbD" Content-Disposition: inline --HlL+5n6rz5pIUxbD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline This patch cherry-picks an upstream commit to fix a buffer overflow in cracklib. Please see the patch file for more information about the bug. --HlL+5n6rz5pIUxbD Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-gnu-cracklib-Fix-buffer-overflow.patch" Content-Transfer-Encoding: quoted-printable =46rom 62f8f1763ba1766e92e8dc05686bd9353eaf2ad5 Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Thu, 15 Sep 2016 11:34:49 -0400 Subject: [PATCH] gnu: cracklib: Fix buffer overflow. * gnu/packages/patches/cracklib-fix-buffer-overflow.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/password-utils.scm (cracklib)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/password-utils.scm | 3 +- .../patches/cracklib-fix-buffer-overflow.patch | 39 ++++++++++++++++++= ++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/cracklib-fix-buffer-overflow.patch diff --git a/gnu/local.mk b/gnu/local.mk index a7006cb..ab052af 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -473,6 +473,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/cpio-CVE-2016-2037.patch \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/cracklib-CVE-2016-6318.patch \ + %D%/packages/patches/cracklib-fix-buffer-overflow.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/csound-header-ordering.patch \ diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.= scm index 7288da6..40ed933 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -160,7 +160,8 @@ and vice versa.") (uri (string-append "https://github.com/cracklib/cracklib/" "releases/download/" name "-" version "/" name "-" version ".tar.gz")) - (patches (search-patches "cracklib-CVE-2016-6318.patch")) + (patches (search-patches "cracklib-CVE-2016-6318.patch" + "cracklib-fix-buffer-overflow.patch= ")) (sha256 (base32 "0hrkb0prf7n92w6rxgq0ilzkk6rkhpys2cfqkrbzswp27na7dkqp")))) diff --git a/gnu/packages/patches/cracklib-fix-buffer-overflow.patch b/gnu/= packages/patches/cracklib-fix-buffer-overflow.patch new file mode 100644 index 0000000..b1c990f --- /dev/null +++ b/gnu/packages/patches/cracklib-fix-buffer-overflow.patch @@ -0,0 +1,39 @@ +Fix buffer overflow processing long words in Mangle(). + +Patch adpated from upstream commit, omitting changes to 'NEWS': + +https://github.com/cracklib/cracklib/commit/33d7fa4585247cd2247a1ffa032ad2= 45836c6edb + +From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001 +From: Jan Dittberner +Date: Thu, 25 Aug 2016 17:17:53 +0200 +Subject: [PATCH] Fix a buffer overflow processing long words + +A buffer overflow processing long words has been discovered. This commit +applies the patch from +https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-ove= rflow-processing-long-words.patch +by Howard Guo. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D835386 and +http://www.openwall.com/lists/oss-security/2016/08/23/8 +--- + src/NEWS | 1 + + src/lib/rules.c | 5 ++--- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/lib/rules.c b/src/lib/rules.c +index d193cc0..3a2aa46 100644 +--- a/lib/rules.c ++++ b/lib/rules.c +@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a cont= rolled Mangle */ + { + int limit; + register char *ptr; +- static char area[STRINGSIZE]; +- char area2[STRINGSIZE]; +- area[0] =3D '\0'; ++ static char area[STRINGSIZE * 2] =3D {0}; ++ char area2[STRINGSIZE * 2] =3D {0}; + strcpy(area, input); +=20 + for (ptr =3D control; *ptr; ptr++) --=20 2.10.0 --HlL+5n6rz5pIUxbD-- --cmJC7u66zC7hs+87 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJX2sAOAAoJECZG+jC6yn8ICW4P/0qTmTjTOgTmf/yntc1r9D1V TyHhWmgfCVF/gWpSoBE2kXEiTdNpv+fnZvGeH+cukdVABP8DpMaNaDlq8kuonXNT LhOjI8SrnvdBekyrT+bJqmeEuYSz5lrfZnZBeyXFc8LzQ3iNH6/Ogoy9os0+/nwK 5MbwSRkHzeQeSq9KkrYnDui2YZU41M9Ph9FD5qQN3Qw5h/GPqbILTI9GaX8wmL+C IT3l5Yh0OwbgvGA61TUbB94fBK9CVwG9DDHFNUUN7IZxohh71EXc6ZPO+rweZiKz +LRVxyE/0ZAqzCyqUXvAtGD+SZ5OfCVAwm/3ccmqj4RnLxktt39JVFsBUo7MsV/R 7O9A+jiczjX5LWrXque3q5kqIamgU4WTpTueCw+C4uLmRcumscmX1z347X32osme Hbf+FZkv8bVNJd04K4OC5sciwTcky27vjnyU5+2hYUY/DMgY3WsM2b+tIa9y85TV 64syhj8bJ7lKsyO9CuJUhT5qBxQ6MC0YUSCcu2rrRs6gOqyFOQCBH+AReTQ47Hiw w9UAGfuszMkgHygPs9nNAQfJTNhZFnboIrGPoNfMktRcWacqCVmpBA+D1eqd94ci o5G3nVtxaJX2IA2Dnz7gqUjF5zuDXsA9gq8fTmUJZ4qCqfbS4xoMITClYiRhElqR EtWVHVclkKyNRdpZxjvb =UlTb -----END PGP SIGNATURE----- --cmJC7u66zC7hs+87--