SUSE:SLE-12-SP4:GA
netatalk
netatalk-CVE-2024-38439,38440,38441.patch
File netatalk-CVE-2024-38439,38440,38441.patch of Package netatalk
Index: netatalk-3.1.18/etc/afpd/auth.c
===================================================================
--- netatalk-3.1.18.orig/etc/afpd/auth.c
+++ netatalk-3.1.18/etc/afpd/auth.c
@@ -616,6 +616,9 @@ int afp_login(AFPObj *obj, char *ibuf, s
 if (ibuflen < 2)
 return send_reply(obj, AFPERR_BADVERS );
+ if (ibuf == NULL)
+ return send_reply(obj, AFPERR_PARAM);
+
 ibuf++;
 len = (unsigned char) *ibuf++;
 ibuflen -= 2;
@@ -670,6 +673,9 @@ int afp_login_ext(AFPObj *obj, char *ibu
 if (ibuflen < 5)
 return send_reply(obj, AFPERR_BADVERS );
+ if (ibuf == NULL)
+ return send_reply(obj, AFPERR_PARAM);
+
 ibuf++;
 ibuf++; /* pad */
 ibuf +=2; /* flag */
@@ -757,6 +763,10 @@ int afp_login_ext(AFPObj *obj, char *ibu
 return send_reply(obj, AFPERR_PARAM);
 }
 #endif
+ if (ibuflen < len) {
+ LOG(log_error, logtype_afpd, "login_ext: Login failed. Invalid directory service name!" );
+ return send_reply(obj, AFPERR_PARAM);
+ }
 ibuf += len;
 ibuflen -= len;
Index: netatalk-3.1.18/etc/afpd/directory.c
===================================================================
--- netatalk-3.1.18.orig/etc/afpd/directory.c
+++ netatalk-3.1.18/etc/afpd/directory.c
@@ -2507,6 +2507,9 @@ int afp_mapname(AFPObj *obj, char *ibuf,
 return( AFPERR_PARAM );
 }
+ if (len >= ibuflen - 1)
+ return AFPERR_PARAM;
+
 ibuf[ len ] = '\0';
 if ( len == 0 )
Index: netatalk-3.1.18/etc/uams/uams_dhx_pam.c
===================================================================
--- netatalk-3.1.18.orig/etc/uams/uams_dhx_pam.c
+++ netatalk-3.1.18/etc/uams/uams_dhx_pam.c
@@ -683,6 +683,8 @@ static int pam_changepw(void *obj, char
 /* Set these things up for the conv function. the old password
 * is at the end. */
 ibuf += KEYSIZE;
+ if (ibuflen <= PASSWDLEN + PASSWDLEN)
+ return AFPERR_PARAM;
 ibuf[PASSWDLEN + PASSWDLEN] = '\0';
 PAM_password = ibuf + PASSWDLEN;
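Review bot: The new guard in afp_mapname, `if (len >= ibuflen - 1)`, subtracts before it compares, so if ibuflen is an unsigned type (the truncated afp_login header in this patch shows its third parameter starting with `s`, presumably size_t) an ibuflen of 0 wraps to the maximum value and the guard admits any len before `ibuf[ len ] = '\0'`. Writing it as `if (ibuflen < 2 || len >= ibuflen - 1)` removes the wrap without changing which other requests are accepted. The hunk also does not show whether ibuf has already been advanced past the request header without ibuflen being reduced; if it has, the bound should be taken against the remaining length rather than the original one. The function body starts and ends outside the hunk.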
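Review bot: The first added check in pam_changepw compares the whole `ibuflen` with `PASSWDLEN + PASSWDLEN` immediately after `ibuf += KEYSIZE`, and nothing in the hunk reduces ibuflen by the same amount, so the terminator written at `ibuf[PASSWDLEN + PASSWDLEN]` lands KEYSIZE bytes further into the request than the guard accounts for. Unless ibuflen is decremented outside the hunk, the condition should include the advance, for example `if (ibuflen <= KEYSIZE + PASSWDLEN + PASSWDLEN)`, plus any earlier bytes already consumed from ibuf. The second pam_changepw hunk (`ibuflen <= PASSWDLEN` before `ibuf[PASSWDLEN] = '\0'`) works on the same advanced pointer and has the same gap. The function body starts and ends outside both hunks.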
@@ -713,6 +715,8 @@ static int pam_changepw(void *obj, char
 /* new password */
 PAM_password = ibuf;
+ if (ibuflen <= PASSWDLEN)
+ return AFPERR_PARAM;
 ibuf[PASSWDLEN] = '\0';
 /* this really does need to be done as root */
Index: netatalk-3.1.18/etc/uams/uams_pam.c
===================================================================
--- netatalk-3.1.18.orig/etc/uams/uams_pam.c
+++ netatalk-3.1.18/etc/uams/uams_pam.c
@@ -142,6 +142,8 @@ static int login(void *obj, char *userna
 hostname = NULL;
 }
+ if (ibuflen <= PASSWDLEN)
+ return AFPERR_PARAM;
 ibuf[ PASSWDLEN ] = '\0';
 if (( pwd = uam_getname(obj, username, ulen)) == NULL ) {
Index: netatalk-3.1.18/etc/uams/uams_passwd.c
===================================================================
--- netatalk-3.1.18.orig/etc/uams/uams_passwd.c
+++ netatalk-3.1.18/etc/uams/uams_passwd.c
@@ -66,7 +66,7 @@ static int pwd_login(void *obj, char *us
 return AFPERR_MISC;
 #endif /* TRU64 */
- if (ibuflen < PASSWDLEN) {
+ if (ibuflen <= PASSWDLEN) {
 return( AFPERR_PARAM );
 }
 ibuf[ PASSWDLEN ] = '\0';
@@ -186,7 +186,7 @@ static int passwd_login_ext(void *obj, c
 (void *) &username, &ulen) < 0)
 return AFPERR_MISC;
- if (*uname != 3)
+ if (*uname != 3 || ibuflen < 2)
 return AFPERR_PARAM;
 uname++;
 memcpy(&temp16, uname, sizeof(temp16));
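Review bot: The second guard in pam_changepw, `if (ibuflen <= PASSWDLEN)`, looks unreachable: the check added in the previous hunk already returns for every ibuflen up to `PASSWDLEN + PASSWDLEN`, so unless ibuflen is modified in the lines between the two hunks this condition can never be true. If it is kept as defence in depth, note that it sits after `PAM_password = ibuf;`, and a bare `return AFPERR_PARAM;` at this point would skip whatever teardown the function's other error paths perform for state set up in between (not visible in the hunk). A short comment such as `/* cannot trigger after the earlier length check; kept as a guard */` would make the intent clear. The function body starts and ends outside the hunk.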
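Review bot: In passwd_login_ext the combined condition `*uname != 3 || ibuflen < 2` reads `*uname` before the length is tested, and the lines that follow copy `sizeof(temp16)` bytes starting at `uname + 1`, which for a 16-bit temp16 needs three bytes from uname rather than two. If ibuflen is meant to bound the data uname points to (that relationship is not visible in the hunk), the length test should come first and cover the type byte as well: `if (ibuflen < 1 + sizeof(temp16) || *uname != 3)`. The function body continues outside the hunk.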