vbatts/shadow-utils-newxidmap
1
0
Fork 0
Code Issues Pull requests Releases Activity

- fix integer underflow in faillog (#603683)

Browse source 
- use preferred GID for reserved static IDs
This commit is contained in:
Peter Vrabec 2010-06-14 11:15:21 +00:00
parent 6631e0269c
commit 59e397ee42
3 changed files with 77 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
shadow-4.1.4.2-uflg.patch Normal file
View file

@ -0,0 +1,25 @@
diff -up shadow-4.1.4.2/libmisc/find_new_gid.c.uflg shadow-4.1.4.2/libmisc/find_new_gid.c
--- shadow-4.1.4.2/libmisc/find_new_gid.c.uflg 2010-05-21 11:31:36.069929199 +0200
+++ shadow-4.1.4.2/libmisc/find_new_gid.c 2010-05-21 11:31:47.600963338 +0200
@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group,
gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
} else {
- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL);
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL);
gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
}
@@ -79,7 +79,11 @@ int find_new_gid (bool sys_group,
*gid = *preferred_gid;
return 0;
}
-
+
+ /* if we did not find free preffered system gid, we start to look for
+ * one in the range assigned to dynamic system IDs */
+ if (sys_group)
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL);
/*
* Search the entire group file,

43
shadow-4.1.4.2-underflow.patch Normal file
View file

@ -0,0 +1,43 @@
diff -up shadow-4.1.4.2/src/faillog.c.overflow shadow-4.1.4.2/src/faillog.c
--- shadow-4.1.4.2/src/faillog.c.overflow 2010-06-14 10:40:28.023030897 +0200
+++ shadow-4.1.4.2/src/faillog.c 2010-06-14 10:53:10.884034750 +0200
@@ -106,8 +106,8 @@ static void print_one (/*@null@*/const s
return;
}
- offset = pw->pw_uid * sizeof (fl);
- if (offset <= (statbuf.st_size - sizeof (fl))) {
+ offset = (off_t) pw->pw_uid * sizeof (fl);
+ if (offset + sizeof (fl) <= statbuf.st_size) {
/* fseeko errors are not really relevant for us. */
int err = fseeko (fail, offset, SEEK_SET);
assert (0 == err);
@@ -206,8 +206,8 @@ static bool reset_one (uid_t uid)
off_t offset;
struct faillog fl;
- offset = uid * sizeof (fl);
- if (offset <= (statbuf.st_size - sizeof (fl))) {
+ offset = (off_t) uid * sizeof (fl);
+ if (offset + sizeof (fl) <= statbuf.st_size) {
/* fseeko errors are not really relevant for us. */
int err = fseeko (fail, offset, SEEK_SET);
assert (0 == err);
@@ -294,7 +294,7 @@ static bool setmax_one (uid_t uid, int m
struct faillog fl;
offset = (off_t) uid * sizeof (fl);
- if (offset <= (statbuf.st_size - sizeof (fl))) {
+ if (offset + sizeof (fl) <= statbuf.st_size) {
/* fseeko errors are not really relevant for us. */
int err = fseeko (fail, offset, SEEK_SET);
assert (0 == err);
@@ -385,7 +385,7 @@ static bool set_locktime_one (uid_t uid,
struct faillog fl;
offset = (off_t) uid * sizeof (fl);
- if (offset <= (statbuf.st_size - sizeof (fl))) {
+ if (offset + sizeof (fl) <= statbuf.st_size) {
/* fseeko errors are not really relevant for us. */
int err = fseeko (fail, offset, SEEK_SET);
assert (0 == err);

10
shadow-utils.spec
View file

@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils Name: shadow-utils
Version: 4.1.4.2 Version: 4.1.4.2
Release: 6%{?dist} Release: 7%{?dist}
Epoch: 2 Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/ URL: http://pkg-shadow.alioth.debian.org/
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2 Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
@ -14,6 +14,8 @@ Patch3: shadow-4.1.4.2-fixes.patch
Patch4: shadow-4.1.4.2-infoParentDir.patch Patch4: shadow-4.1.4.2-infoParentDir.patch
Patch5: shadow-4.1.4.2-semange.patch Patch5: shadow-4.1.4.2-semange.patch
Patch6: shadow-4.1.4.2-acl.patch Patch6: shadow-4.1.4.2-acl.patch
Patch7: shadow-4.1.4.2-underflow.patch
Patch8: shadow-4.1.4.2-uflg.patch
License: BSD and GPLv2+ License: BSD and GPLv2+
Group: System Environment/Base Group: System Environment/Base
BuildRequires: libselinux-devel >= 1.25.2-1 BuildRequires: libselinux-devel >= 1.25.2-1
@ -46,6 +48,8 @@ are used for managing group accounts.
%patch4 -p1 -b .infoParentDir %patch4 -p1 -b .infoParentDir
%patch5 -p1 -b .semange %patch5 -p1 -b .semange
%patch6 -p1 -b .acl %patch6 -p1 -b .acl
%patch7 -p1 -b .underflow
%patch8 -p1 -b .uflg
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO cp -f doc/HOWTO.utf8 doc/HOWTO
@ -188,6 +192,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8* %{_mandir}/man8/vigr.8*
%changelog %changelog
* Mon Jun 14 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-7
- fix integer underflow in faillog (#603683)
- use preferred GID for reserved static IDs
* Thu Apr 29 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-6 * Thu Apr 29 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-6
- preserve ACL's on files in /etc/skel - preserve ACL's on files in /etc/skel
Resolves: #513055 Resolves: #513055