From: Saul Wold <sgw@linux.intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 1/2] tinylogin: fix segfault from crypt()
Date: Fri, 5 Apr 2013 10:09:31 -0700 [thread overview]
Message-ID: <1365181772-18644-2-git-send-email-sgw@linux.intel.com> (raw)
In-Reply-To: <1365181772-18644-1-git-send-email-sgw@linux.intel.com>
In glibc 2.17, crypt() now expects 2 valid chars for the seed or
it will error out and return a NULL. The tinylogin code took the
result from crypt directly into a strcmp() which caused a segfault
Tinylogin has been deperacted, busybox now has login support, I will
investigate using busybox login support for 1.5.
[YOCTO #4097]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
---
.../tinylogin/tinylogin-1.4/glibc_crypt_fix.patch | 23 ++++++++++++++++++++++
meta/recipes-core/tinylogin/tinylogin_1.4.bb | 4 +++-
2 files changed, 26 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
new file mode 100644
index 0000000..0a24656
--- /dev/null
+++ b/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
@@ -0,0 +1,23 @@
+
+staring from glibc 2.17 the crypt() function will error out and return
+NULL if the seed or "correct" is invalid. The failure case for this is
+an unknown user which tinylogin assigns '!' for the password. crypt()
+now expects a minimum of 2 valid characters. If we get a NULL return
+value from the crypt, assume we fail and return 0.
+
+Upstream-Status: Inappropriate [tinylogin depercated]
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+Index: tinylogin-1.4/libbb/correct_password.c
+===================================================================
+--- tinylogin-1.4.orig/libbb/correct_password.c
++++ tinylogin-1.4/libbb/correct_password.c
+@@ -74,5 +74,8 @@ int correct_password ( const struct pass
+ }
+ encrypted = crypt ( unencrypted, correct );
+ memset ( unencrypted, 0, xstrlen ( unencrypted ));
++ if ( !encrypted )
++ return 0;
++
+ return ( strcmp ( encrypted, correct ) == 0 ) ? 1 : 0;
+ }
diff --git a/meta/recipes-core/tinylogin/tinylogin_1.4.bb b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
index aaed92a..6e08011 100644
--- a/meta/recipes-core/tinylogin/tinylogin_1.4.bb
+++ b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
@@ -18,7 +18,9 @@ SRC_URI = "http://www.angstrom-distribution.org/unstable/sources/tinylogin-${PV}
file://remove-index.patch \
file://use_O2_option.patch \
file://passwd_rotate_check.patch \
- file://avoid_static.patch"
+ file://avoid_static.patch \
+ file://glibc_crypt_fix.patch \
+ "
SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d"
SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b"
--
1.8.0.2
next prev parent reply other threads:[~2013-04-05 17:27 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-05 17:09 [PATCH 0/2] Fix issue with newer glibc crypt() function Saul Wold
2013-04-05 17:09 ` Saul Wold [this message]
2013-04-05 17:09 ` [PATCH 2/2] shadow: add patch to fix crypt: Invalid Argument Saul Wold
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1365181772-18644-2-git-send-email-sgw@linux.intel.com \
--to=sgw@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox