Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1
pam
bug-724480_pam_env-fix-overflow.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bug-724480_pam_env-fix-overflow.patch of Package pam
Description: correctly count leading whitespace when parsing environment file (CVE-2011-3148). Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469 Author: Kees Cook <kees@debian.org> Index: pam-debian/modules/pam_env/pam_env.c =================================================================== --- pam-debian.orig/modules/pam_env/pam_env.c 2011-10-14 10:51:30.973701139 -0700 +++ pam-debian/modules/pam_env/pam_env.c 2011-10-14 12:32:25.578188004 -0700 @@ -287,6 +287,7 @@ char *p = buffer; char *s, *os; int used = 0; + int whitespace; /* loop broken with a 'break' when a non-'\\n' ended line is read */ @@ -309,8 +310,10 @@ /* skip leading spaces --- line may be blank */ - s = p + strspn(p, " \n\t"); + whitespace = strspn(p, " \n\t"); + s = p + whitespace; if (*s && (*s != '#')) { + used += whitespace; os = s; /*
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor