Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:12.1:Update
pam
bug-724480_pam_env-fix-overflow.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bug-724480_pam_env-fix-overflow.patch of Package pam
Description: correctly count leading whitespace when parsing environment file (CVE-2011-3148). Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469 Author: Kees Cook <kees@debian.org> Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c =================================================================== --- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c +++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c @@ -290,6 +290,7 @@ static int _assemble_line(FILE *f, char char *p = buffer; char *s, *os; int used = 0; + int whitespace; /* loop broken with a 'break' when a non-'\\n' ended line is read */ @@ -312,8 +313,10 @@ static int _assemble_line(FILE *f, char /* skip leading spaces --- line may be blank */ - s = p + strspn(p, " \n\t"); + whitespace = strspn(p, " \n\t"); + s = p + whitespace; if (*s && (*s != '#')) { + used += whitespace; os = s; /*
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor