This commit is contained in:
Peter Vrabec 2009-09-07 14:56:09 +00:00
parent 8c5573deab
commit cdd12ed1d1
9 changed files with 201 additions and 640 deletions

View file

@ -1 +1 @@
shadow-4.1.4.1.tar.bz2 shadow-4.1.4.2.tar.bz2

View file

@ -1,230 +0,0 @@
diff -U0 shadow-4.1.4.1/ChangeLog.large_group shadow-4.1.4.1/ChangeLog
diff -up shadow-4.1.4.1/lib/gshadow.c.large_group shadow-4.1.4.1/lib/gshadow.c
--- shadow-4.1.4.1/lib/gshadow.c.large_group 2009-04-23 13:53:56.000000000 +0200
+++ shadow-4.1.4.1/lib/gshadow.c 2009-06-16 14:47:08.000000000 +0200
@@ -2,7 +2,7 @@
* Copyright (c) 1990 - 1994, Julianne Frances Haugh
* Copyright (c) 1996 - 1998, Marek Michałkiewicz
* Copyright (c) 2005 , Tomasz Kłoczko
- * Copyright (c) 2008 , Nicolas François
+ * Copyright (c) 2008 - 2009, Nicolas François
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -41,7 +41,6 @@
#include "prototypes.h"
#include "defines.h"
static /*@null@*/FILE *shadow;
-static char sgrbuf[BUFSIZ * 4];
static /*@null@*//*@only@*/char **members = NULL;
static size_t nmembers = 0;
static /*@null@*//*@only@*/char **admins = NULL;
@@ -131,12 +130,25 @@ void endsgent (void)
/*@observer@*//*@null@*/struct sgrp *sgetsgent (const char *string)
{
+ static char *sgrbuf = NULL;
+ static size_t sgrbuflen = 0;
+
char *fields[FIELDS];
char *cp;
int i;
+ size_t len = strlen (string) + 1;
+
+ if (len > sgrbuflen) {
+ char *buf = (char *) realloc (sgrbuf, sizeof (char) * len);
+ if (NULL == buf) {
+ return NULL;
+ }
+ sgrbuf = buf;
+ sgrbuflen = len;
+ }
- strncpy (sgrbuf, string, sizeof sgrbuf - 1);
- sgrbuf[sizeof sgrbuf - 1] = '\0';
+ strncpy (sgrbuf, string, len);
+ sgrbuf[len-1] = '\0';
cp = strrchr (sgrbuf, '\n');
if (NULL != cp) {
@@ -161,7 +173,7 @@ void endsgent (void)
* the line is invalid.
*/
- if ((NULL != cp) || (i != FIELDS))
+ if ((NULL != cp) || (i != FIELDS)) {
#ifdef USE_NIS
if (!IS_NISCHAR (fields[0][0])) {
return 0;
@@ -171,6 +183,7 @@ void endsgent (void)
#else
return 0;
#endif
+ }
sgroup.sg_name = fields[0];
sgroup.sg_passwd = fields[1];
@@ -199,20 +212,48 @@ void endsgent (void)
/*@observer@*//*@null@*/struct sgrp *fgetsgent (/*@null@*/FILE * fp)
{
- char buf[sizeof sgrbuf];
+ static size_t buflen = 0;
+ static char *buf = NULL;
+
char *cp;
+ struct sgrp *ret;
+
+ if (0 == buflen) {
+ buf = (char *) malloc (BUFSIZ);
+ if (NULL == buf) {
+ return NULL;
+ }
+ }
if (NULL == fp) {
- return (0);
+ return NULL;
}
#ifdef USE_NIS
- while (fgetsx (buf, (int) sizeof buf, fp) != (char *) 0)
+ while (fgetsx (buf, (int) sizeof buf, fp) == buf)
#else
- if (fgetsx (buf, (int) sizeof buf, fp) != (char *) 0)
+ if (fgetsx (buf, (int) sizeof buf, fp) == buf)
#endif
{
- cp = strchr (buf, '\n');
+ while ( ((cp = strrchr (buf, '\n')) == NULL)
+ && (feof (fp) == 0)) {
+ size_t len;
+
+ cp = (char *) realloc (buf, buflen*2);
+ if (NULL == cp) {
+ return NULL;
+ }
+ buf = cp;
+ buflen *= 2;
+
+ len = strlen (buf);
+ if (fgetsx (&buf[len],
+ (int) (buflen - len),
+ fp) != &buf[len]) {
+ return NULL;
+ }
+ }
+ cp = strrchr (buf, '\n');
if (NULL != cp) {
*cp = '\0';
}
@@ -223,7 +264,7 @@ void endsgent (void)
#endif
return (sgetsgent (buf));
}
- return 0;
+ return NULL;
}
/*
@@ -235,7 +276,6 @@ void endsgent (void)
#ifdef USE_NIS
bool nis_1_group = false;
struct sgrp *val;
- char buf[BUFSIZ];
#endif
if (NULL == shadow) {
setsgent ();
@@ -334,7 +374,6 @@ void endsgent (void)
struct sgrp *sgrp;
#ifdef USE_NIS
- char buf[BUFSIZ];
static char save_name[16];
int nis_disabled = 0;
#endif
diff -up shadow-4.1.4.1/libmisc/xgetgrgid.c.large_group shadow-4.1.4.1/libmisc/xgetgrgid.c
--- shadow-4.1.4.1/libmisc/xgetgrgid.c.large_group 2008-09-06 16:56:51.000000000 +0200
+++ shadow-4.1.4.1/libmisc/xgetgrgid.c 2009-06-16 14:15:08.000000000 +0200
@@ -58,7 +58,6 @@
#define ARG_TYPE gid_t
#define ARG_NAME gid
#define DUP_FUNCTION __gr_dup
-#define MAX_LENGTH 0x8000
#define HAVE_FUNCTION_R (defined HAVE_GETGRGID_R)
#include "xgetXXbyYY.c"
diff -up shadow-4.1.4.1/libmisc/xgetgrnam.c.large_group shadow-4.1.4.1/libmisc/xgetgrnam.c
--- shadow-4.1.4.1/libmisc/xgetgrnam.c.large_group 2008-09-06 16:56:57.000000000 +0200
+++ shadow-4.1.4.1/libmisc/xgetgrnam.c 2009-06-16 14:15:08.000000000 +0200
@@ -58,7 +58,6 @@
#define ARG_TYPE const char *
#define ARG_NAME name
#define DUP_FUNCTION __gr_dup
-#define MAX_LENGTH 0x8000
#define HAVE_FUNCTION_R (defined HAVE_GETGRNAM_R)
#include "xgetXXbyYY.c"
diff -up shadow-4.1.4.1/libmisc/xgetpwnam.c.large_group shadow-4.1.4.1/libmisc/xgetpwnam.c
--- shadow-4.1.4.1/libmisc/xgetpwnam.c.large_group 2008-09-06 16:57:05.000000000 +0200
+++ shadow-4.1.4.1/libmisc/xgetpwnam.c 2009-06-16 14:15:08.000000000 +0200
@@ -58,7 +58,6 @@
#define ARG_TYPE const char *
#define ARG_NAME name
#define DUP_FUNCTION __pw_dup
-#define MAX_LENGTH 0x8000
#define HAVE_FUNCTION_R (defined HAVE_GETPWNAM_R)
#include "xgetXXbyYY.c"
diff -up shadow-4.1.4.1/libmisc/xgetpwuid.c.large_group shadow-4.1.4.1/libmisc/xgetpwuid.c
--- shadow-4.1.4.1/libmisc/xgetpwuid.c.large_group 2008-09-06 16:57:11.000000000 +0200
+++ shadow-4.1.4.1/libmisc/xgetpwuid.c 2009-06-16 14:15:08.000000000 +0200
@@ -58,7 +58,6 @@
#define ARG_TYPE uid_t
#define ARG_NAME uid
#define DUP_FUNCTION __pw_dup
-#define MAX_LENGTH 0x8000
#define HAVE_FUNCTION_R (defined HAVE_GETPWUID_R)
#include "xgetXXbyYY.c"
diff -up shadow-4.1.4.1/libmisc/xgetspnam.c.large_group shadow-4.1.4.1/libmisc/xgetspnam.c
--- shadow-4.1.4.1/libmisc/xgetspnam.c.large_group 2008-09-06 16:57:17.000000000 +0200
+++ shadow-4.1.4.1/libmisc/xgetspnam.c 2009-06-16 14:15:08.000000000 +0200
@@ -58,7 +58,6 @@
#define ARG_TYPE const char *
#define ARG_NAME name
#define DUP_FUNCTION __spw_dup
-#define MAX_LENGTH 0x8000
#define HAVE_FUNCTION_R (defined HAVE_GETSPNAM_R)
#include "xgetXXbyYY.c"
diff -up shadow-4.1.4.1/libmisc/xgetXXbyYY.c.large_group shadow-4.1.4.1/libmisc/xgetXXbyYY.c
--- shadow-4.1.4.1/libmisc/xgetXXbyYY.c.large_group 2009-04-23 11:15:53.000000000 +0200
+++ shadow-4.1.4.1/libmisc/xgetXXbyYY.c 2009-06-16 14:15:08.000000000 +0200
@@ -79,7 +79,7 @@
exit (13);
}
- do {
+ while (true) {
int status;
LOOKUP_TYPE *resbuf = NULL;
buffer = (char *)realloc (buffer, length);
@@ -106,8 +106,14 @@
return NULL;
}
- length *= 4;
- } while (length < MAX_LENGTH);
+ if (length <= ((size_t)-1 / 4)) {
+ length *= 4;
+ } else if (length == (size_t) -1) {
+ break;
+ } else {
+ length = (size_t) -1;
+ }
+ }
free(buffer);
free(result);
diff -up shadow-4.1.4.1/NEWS.large_group shadow-4.1.4.1/NEWS

View file

@ -1,85 +0,0 @@
diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.ldap shadow-4.1.4.1/libmisc/find_new_gid.c
--- shadow-4.1.4.1/libmisc/find_new_gid.c.ldap 2009-07-16 10:37:41.653798746 +0200
+++ shadow-4.1.4.1/libmisc/find_new_gid.c 2009-07-16 10:44:14.482808945 +0200
@@ -90,17 +90,26 @@ int find_new_gid (bool sys_group,
* but we also check the local database (gr_rewind/gr_next) in case
* some groups were created but the changes were not committed yet.
*/
- setgrent ();
- while ((grp = getgrent ()) != NULL) {
- if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
- group_id = grp->gr_gid + 1;
+ if (sys_group ) {
+ for(group_id = gid_min; group_id<=gid_max; group_id++) {
+ grp = getgrgid(group_id);
+ if(grp)
+ used_gids[grp->gr_gid] = true;
}
- /* create index of used GIDs */
- if (grp->gr_gid <= gid_max) {
- used_gids[grp->gr_gid] = true;
+ }
+ else {
+ setgrent ();
+ while ((grp = getgrent ()) != NULL) {
+ if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+ group_id = grp->gr_gid + 1;
+ }
+ /* create index of used GIDs */
+ if (grp->gr_gid <= gid_max) {
+ used_gids[grp->gr_gid] = true;
+ }
}
+ endgrent ();
}
- endgrent ();
gr_rewind ();
while ((grp = gr_next ()) != NULL) {
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.ldap shadow-4.1.4.1/libmisc/find_new_uid.c
--- shadow-4.1.4.1/libmisc/find_new_uid.c.ldap 2009-07-16 10:37:41.653798746 +0200
+++ shadow-4.1.4.1/libmisc/find_new_uid.c 2009-07-16 10:37:41.668798323 +0200
@@ -91,17 +91,27 @@ int find_new_uid (bool sys_user,
* but we also check the local database (pw_rewind/pw_next) in case
* some users were created but the changes were not committed yet.
*/
- setpwent ();
- while ((pwd = getpwent ()) != NULL) {
- if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
- user_id = pwd->pw_uid + 1;
+ /* speed up sys users look up on LDAP boxes */
+ if (sys_user) {
+ for (user_id = uid_min; user_id<=uid_max; user_id++) {
+ pwd = getpwuid(user_id);
+ if(pwd)
+ used_uids[user_id] = true;
}
- /* create index of used UIDs */
- if (pwd->pw_uid <= uid_max) {
- used_uids[pwd->pw_uid] = true;
+ }
+ else {
+ setpwent ();
+ while ((pwd = getpwent ()) != NULL) {
+ if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+ user_id = pwd->pw_uid + 1;
+ }
+ /* create index of used UIDs */
+ if (pwd->pw_uid <= uid_max) {
+ used_uids[pwd->pw_uid] = true;
+ }
}
+ endpwent ();
}
- endpwent ();
pw_rewind ();
while ((pwd = pw_next ()) != NULL) {
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
@@ -113,6 +123,7 @@ int find_new_uid (bool sys_user,
}
}
+
/* find free system account in reverse order */
if (sys_user) {
for (user_id = uid_max; user_id >= uid_min; user_id--) {

View file

@ -1,300 +0,0 @@
diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc shadow-4.1.4.1/libmisc/find_new_gid.c
--- shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc 2009-07-16 11:51:34.807860808 +0200
+++ shadow-4.1.4.1/libmisc/find_new_gid.c 2009-07-16 14:19:08.678798578 +0200
@@ -52,7 +52,7 @@ int find_new_gid (bool sys_group,
/*@null@*/gid_t const *preferred_gid)
{
const struct group *grp;
- gid_t gid_min, gid_max, group_id;
+ gid_t gid_min, gid_max, group_id, id;
bool *used_gids;
assert (gid != NULL);
@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group,
gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
} else {
- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL);
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL);
gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
}
@@ -80,7 +80,6 @@ int find_new_gid (bool sys_group,
return 0;
}
- group_id = gid_min;
/*
* Search the entire group file,
@@ -91,13 +90,28 @@ int find_new_gid (bool sys_group,
* some groups were created but the changes were not committed yet.
*/
if (sys_group ) {
- for(group_id = gid_min; group_id<=gid_max; group_id++) {
- grp = getgrgid(group_id);
- if(grp)
+ group_id = gid_max;
+ for(id = gid_max; id>=gid_min; id--) {
+ grp = getgrgid(id);
+ if(grp) {
+ group_id = id - 1;
used_gids[grp->gr_gid] = true;
+ }
+ }
+
+ gr_rewind ();
+ while ((grp = gr_next ()) != NULL) {
+ if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
+ group_id = grp->gr_gid - 1;
+ }
+ /* create index of used GIDs */
+ if (grp->gr_gid <= gid_max) {
+ used_gids[grp->gr_gid] = true;
+ }
}
}
else {
+ group_id = gid_min;
setgrent ();
while ((grp = getgrent ()) != NULL) {
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
@@ -109,32 +123,16 @@ int find_new_gid (bool sys_group,
}
}
endgrent ();
- }
- gr_rewind ();
- while ((grp = gr_next ()) != NULL) {
- if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
- group_id = grp->gr_gid + 1;
- }
- /* create index of used GIDs */
- if (grp->gr_gid <= gid_max) {
- used_gids[grp->gr_gid] = true;
- }
- }
- /* find free system account in reverse order */
- if (sys_group) {
- for (group_id = gid_max; group_id >= gid_min; group_id--) {
- if (false == used_gids[group_id]) {
- break;
+ gr_rewind ();
+ while ((grp = gr_next ()) != NULL) {
+ if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+ group_id = grp->gr_gid + 1;
+ }
+ /* create index of used GIDs */
+ if (grp->gr_gid <= gid_max) {
+ used_gids[grp->gr_gid] = true;
}
- }
- if ( group_id < gid_min ) {
- fprintf (stderr,
- _("%s: Can't get unique GID (no more available GIDs)\n"),
- Prog);
- SYSLOG ((LOG_WARN,
- "no more available GID on the system"));
- return -1;
}
}
@@ -143,16 +141,35 @@ int find_new_gid (bool sys_group,
* will give us GID_MAX+1 even if not unique. Search for the first
* free GID starting with GID_MIN.
*/
- if (group_id == gid_max + 1) {
- for (group_id = gid_min; group_id < gid_max; group_id++) {
- if (false == used_gids[group_id]) {
- break;
+ if (sys_group) {
+ if (group_id == gid_min - 1) {
+ for (group_id = gid_max; group_id >= gid_min; group_id--) {
+ if (false == used_gids[group_id]) {
+ break;
+ }
+ }
+ if ( group_id < gid_min ) {
+ fprintf (stderr,
+ _("%s: Can't get unique GID (no more available GIDs)\n"),
+ Prog);
+ SYSLOG ((LOG_WARN,
+ "no more available GID on the system"));
+ return -1;
}
}
- if (group_id == gid_max) {
- fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog);
- SYSLOG ((LOG_WARN, "no more available GID on the system"));
- return -1;
+ }
+ else {
+ if (group_id == gid_max + 1) {
+ for (group_id = gid_min; group_id < gid_max; group_id++) {
+ if (false == used_gids[group_id]) {
+ break;
+ }
+ }
+ if (group_id == gid_max) {
+ fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog);
+ SYSLOG ((LOG_WARN, "no more available GID on the system"));
+ return -1;
+ }
}
}
diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc shadow-4.1.4.1/libmisc/find_new_uid.c
--- shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc 2009-07-16 11:51:34.807860808 +0200
+++ shadow-4.1.4.1/libmisc/find_new_uid.c 2009-07-16 14:13:38.120798526 +0200
@@ -52,7 +52,7 @@ int find_new_uid (bool sys_user,
/*@null@*/uid_t const *preferred_uid)
{
const struct passwd *pwd;
- uid_t uid_min, uid_max, user_id;
+ uid_t uid_min, uid_max, user_id, id;
bool *used_uids;
assert (uid != NULL);
@@ -61,7 +61,7 @@ int find_new_uid (bool sys_user,
uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
} else {
- uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+ uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 201UL);
uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
}
@@ -81,8 +81,6 @@ int find_new_uid (bool sys_user,
}
- user_id = uid_min;
-
/*
* Search the entire password file,
* looking for the largest unused value.
@@ -91,15 +89,30 @@ int find_new_uid (bool sys_user,
* but we also check the local database (pw_rewind/pw_next) in case
* some users were created but the changes were not committed yet.
*/
- /* speed up sys users look up on LDAP boxes */
if (sys_user) {
- for (user_id = uid_min; user_id<=uid_max; user_id++) {
- pwd = getpwuid(user_id);
- if(pwd)
+ user_id = uid_max;
+ for (id = uid_max; id>=uid_min; id--) {
+ pwd = getpwuid(id);
+ if(pwd) {
+ user_id = id - 1;
used_uids[user_id] = true;
+ }
}
+
+ pw_rewind ();
+ while ((pwd = pw_next ()) != NULL) {
+ if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
+ user_id = pwd->pw_uid - 1;
+ }
+ /* create index of used UIDs */
+ if (pwd->pw_uid <= uid_max) {
+ used_uids[pwd->pw_uid] = true;
+ }
+ }
+
}
else {
+ user_id = uid_min;
setpwent ();
while ((pwd = getpwent ()) != NULL) {
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
@@ -111,51 +124,55 @@ int find_new_uid (bool sys_user,
}
}
endpwent ();
- }
- pw_rewind ();
- while ((pwd = pw_next ()) != NULL) {
- if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
- user_id = pwd->pw_uid + 1;
- }
- /* create index of used UIDs */
- if (pwd->pw_uid <= uid_max) {
- used_uids[pwd->pw_uid] = true;
- }
- }
-
- /* find free system account in reverse order */
- if (sys_user) {
- for (user_id = uid_max; user_id >= uid_min; user_id--) {
- if (false == used_uids[user_id]) {
- break;
+ pw_rewind ();
+ while ((pwd = pw_next ()) != NULL) {
+ if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+ user_id = pwd->pw_uid + 1;
+ }
+ /* create index of used UIDs */
+ if (pwd->pw_uid <= uid_max) {
+ used_uids[pwd->pw_uid] = true;
}
- }
- if (user_id < uid_min ) {
- fprintf (stderr,
- _("%s: Can't get unique system UID (no more available UIDs)\n"),
- Prog);
- SYSLOG ((LOG_WARN,
- "no more available UID on the system"));
- return -1;
}
}
+
/*
* If a user with UID equal to UID_MAX exists, the above algorithm
* will give us UID_MAX+1 even if not unique. Search for the first
* free UID starting with UID_MIN.
*/
- if (user_id == uid_max + 1) {
- for (user_id = uid_min; user_id < uid_max; user_id++) {
- if (false == used_uids[user_id]) {
- break;
+ if (sys_user) {
+ if (user_id == uid_min - 1) {
+ for (user_id = uid_max; user_id >= uid_min; user_id--) {
+ if (false == used_uids[user_id]) {
+ break;
+ }
+ }
+ if (user_id < uid_min ) {
+ fprintf (stderr,
+ _("%s: Can't get unique system UID (no more available UIDs)\n"),
+ Prog);
+ SYSLOG ((LOG_WARN,
+ "no more available UID on the system"));
+ return -1;
}
}
- if (user_id == uid_max) {
- fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"), Prog);
- SYSLOG ((LOG_WARN, "no more available UID on the system"));
- return -1;
+ }
+ else {
+ if (user_id == uid_max + 1) {
+ for (user_id = uid_min; user_id < uid_max; user_id++) {
+ if (false == used_uids[user_id]) {
+ break;
+ }
+ }
+ if (user_id == uid_max) {
+ fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"),
+ Prog);
+ SYSLOG ((LOG_WARN, "no more available UID on the system"));
+ return -1;
+ }
}
}

View file

@ -0,0 +1,65 @@
diff -up shadow-4.1.4.2/lib/commonio.c.fixes shadow-4.1.4.2/lib/commonio.c
--- shadow-4.1.4.2/lib/commonio.c.fixes 2009-09-07 15:51:28.312139467 +0200
+++ shadow-4.1.4.2/lib/commonio.c 2009-09-07 15:52:00.788140456 +0200
@@ -710,7 +710,7 @@ commonio_sort (struct commonio_db *db, i
db->tail->prev = entries[n - 1];
db->tail->next = NULL;
- for (i = 1; i < n; i++) {
+ for (i = 1; i < (n-1); i++) {
entries[i]->prev = entries[i - 1];
entries[i]->next = entries[i + 1];
}
diff -up shadow-4.1.4.2/libmisc/cleanup.c.fixes shadow-4.1.4.2/libmisc/cleanup.c
--- shadow-4.1.4.2/libmisc/cleanup.c.fixes 2009-09-07 15:52:22.449035388 +0200
+++ shadow-4.1.4.2/libmisc/cleanup.c 2009-09-07 15:55:06.632033653 +0200
@@ -107,7 +107,7 @@ void del_cleanup (cleanup_function pcf)
assert (i<CLEANUP_FUNCTIONS);
/* Move the rest of the cleanup functions */
- for (; i<CLEANUP_FUNCTIONS; i++) {
+ for (; i<(CLEANUP_FUNCTIONS - 1); i++) {
/* Make sure the cleanup function was specified only once */
assert (cleanup_functions[i+1] != pcf);
diff -up shadow-4.1.4.2/libmisc/limits.c.fixes shadow-4.1.4.2/libmisc/limits.c
--- shadow-4.1.4.2/libmisc/limits.c.fixes 2009-09-07 15:55:38.734034494 +0200
+++ shadow-4.1.4.2/libmisc/limits.c 2009-09-07 15:56:10.545044166 +0200
@@ -167,7 +167,7 @@ static int check_logins (const char *nam
* includes the user who is currently trying to log in.
*/
if (count > limit) {
- SYSLOG ((LOG_WARN, "Too many logins (max %d) for %s\n",
+ SYSLOG ((LOG_WARN, "Too many logins (max %lu) for %s\n",
limit, name));
return LOGIN_ERROR_LOGIN;
}
diff -up shadow-4.1.4.2/libmisc/utmp.c.fixes shadow-4.1.4.2/libmisc/utmp.c
--- shadow-4.1.4.2/libmisc/utmp.c.fixes 2009-09-07 15:56:30.534033865 +0200
+++ shadow-4.1.4.2/libmisc/utmp.c 2009-09-07 16:11:23.049069289 +0200
@@ -56,7 +56,7 @@ static bool is_my_tty (const char *tty)
/* full_tty shall be at least sizeof utmp.ut_line + 5 */
char full_tty[200];
/* tmptty shall be bigger than full_tty */
- static char tmptty[sizeof (full_tty)+1];
+ static char tmptty[sizeof (full_tty)+1] = "";
if ('/' != *tty) {
(void) snprintf (full_tty, sizeof full_tty, "/dev/%s", tty);
@@ -71,7 +71,7 @@ static bool is_my_tty (const char *tty)
}
}
- if (NULL == tmptty) {
+ if ('\0' == tmptty[0]) {
(void) puts (_("Unable to determine your tty name."));
exit (EXIT_FAILURE);
} else if (strncmp (tty, tmptty, sizeof (tmptty)) != 0) {
@@ -200,7 +200,6 @@ static void updwtmpx (const char *filena
strcpy (hostname, host);
#ifdef HAVE_STRUCT_UTMP_UT_HOST
} else if ( (NULL != ut)
- && (NULL != ut->ut_host)
&& ('\0' != ut->ut_host[0])) {
hostname = (char *) xmalloc (sizeof (ut->ut_host) + 1);
strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));

108
shadow-4.1.4.2-leak.patch Normal file
View file

@ -0,0 +1,108 @@
diff -up shadow-4.1.4.2/lib/groupmem.c.leak shadow-4.1.4.2/lib/groupmem.c
--- shadow-4.1.4.2/lib/groupmem.c.leak 2009-04-23 19:43:27.000000000 +0200
+++ shadow-4.1.4.2/lib/groupmem.c 2009-09-07 15:43:23.314129427 +0200
@@ -51,10 +51,13 @@
*gr = *grent;
gr->gr_name = strdup (grent->gr_name);
if (NULL == gr->gr_name) {
+ free(gr);
return NULL;
}
gr->gr_passwd = strdup (grent->gr_passwd);
if (NULL == gr->gr_passwd) {
+ free(gr->gr_name);
+ free(gr);
return NULL;
}
@@ -62,11 +65,21 @@
gr->gr_mem = (char **) malloc ((i + 1) * sizeof (char *));
if (NULL == gr->gr_mem) {
+ free(gr->gr_passwd);
+ free(gr->gr_name);
+ free(gr);
return NULL;
}
for (i = 0; grent->gr_mem[i]; i++) {
gr->gr_mem[i] = strdup (grent->gr_mem[i]);
if (NULL == gr->gr_mem[i]) {
+ int j;
+ for (j=0; j<i; j++)
+ free(gr->gr_mem[j]);
+ free(gr->gr_mem);
+ free(gr->gr_passwd);
+ free(gr->gr_name);
+ free(gr);
return NULL;
}
}
diff -up shadow-4.1.4.2/libmisc/copydir.c.leak shadow-4.1.4.2/libmisc/copydir.c
--- shadow-4.1.4.2/libmisc/copydir.c.leak 2009-05-22 12:16:14.000000000 +0200
+++ shadow-4.1.4.2/libmisc/copydir.c 2009-09-07 15:41:49.217192095 +0200
@@ -443,6 +443,7 @@ static char *readlink_malloc (const char
nchars = readlink (filename, buffer, size);
if (nchars < 0) {
+ free(buffer);
return NULL;
}
diff -up shadow-4.1.4.2/lib/pwmem.c.leak shadow-4.1.4.2/lib/pwmem.c
--- shadow-4.1.4.2/lib/pwmem.c.leak 2009-04-23 19:43:27.000000000 +0200
+++ shadow-4.1.4.2/lib/pwmem.c 2009-09-07 15:41:49.218203063 +0200
@@ -51,22 +51,37 @@
*pw = *pwent;
pw->pw_name = strdup (pwent->pw_name);
if (NULL == pw->pw_name) {
+ free(pw);
return NULL;
}
pw->pw_passwd = strdup (pwent->pw_passwd);
if (NULL == pw->pw_passwd) {
+ free(pw->pw_name);
+ free(pw);
return NULL;
}
pw->pw_gecos = strdup (pwent->pw_gecos);
if (NULL == pw->pw_gecos) {
+ free(pw->pw_passwd);
+ free(pw->pw_name);
+ free(pw);
return NULL;
}
pw->pw_dir = strdup (pwent->pw_dir);
if (NULL == pw->pw_dir) {
+ free(pw->pw_gecos);
+ free(pw->pw_passwd);
+ free(pw->pw_name);
+ free(pw);
return NULL;
}
pw->pw_shell = strdup (pwent->pw_shell);
if (NULL == pw->pw_shell) {
+ free(pw->pw_dir);
+ free(pw->pw_gecos);
+ free(pw->pw_passwd);
+ free(pw->pw_name);
+ free(pw);
return NULL;
}
diff -up shadow-4.1.4.2/lib/shadowmem.c.leak shadow-4.1.4.2/lib/shadowmem.c
--- shadow-4.1.4.2/lib/shadowmem.c.leak 2009-04-23 19:43:27.000000000 +0200
+++ shadow-4.1.4.2/lib/shadowmem.c 2009-09-07 15:41:49.218203063 +0200
@@ -52,10 +52,13 @@
*sp = *spent;
sp->sp_namp = strdup (spent->sp_namp);
if (NULL == sp->sp_namp) {
+ free(sp);
return NULL;
}
sp->sp_pwdp = strdup (spent->sp_pwdp);
if (NULL == sp->sp_pwdp) {
+ free(sp->sp_namp);
+ free(sp);
return NULL;
}

View file

@ -1,6 +1,6 @@
diff -up shadow-4.1.4/libmisc/find_new_gid.c.redhat shadow-4.1.4/libmisc/find_new_gid.c diff -up shadow-4.1.4.2/libmisc/find_new_gid.c.redhat shadow-4.1.4.2/libmisc/find_new_gid.c
--- shadow-4.1.4/libmisc/find_new_gid.c.redhat 2009-04-23 19:36:42.000000000 +0200 --- shadow-4.1.4.2/libmisc/find_new_gid.c.redhat 2009-07-18 01:53:42.000000000 +0200
+++ shadow-4.1.4/libmisc/find_new_gid.c 2009-05-15 12:01:18.000000000 +0200 +++ shadow-4.1.4.2/libmisc/find_new_gid.c 2009-09-07 16:34:26.640814090 +0200
@@ -58,11 +58,11 @@ int find_new_gid (bool sys_group, @@ -58,11 +58,11 @@ int find_new_gid (bool sys_group,
assert (gid != NULL); assert (gid != NULL);
@ -9,15 +9,16 @@ diff -up shadow-4.1.4/libmisc/find_new_gid.c.redhat shadow-4.1.4/libmisc/find_ne
+ gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL); + gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL); gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
} else { } else {
gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL); - gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
- gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1; - gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL);
+ gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1; + gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max); gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
} }
used_gids = alloca (sizeof (bool) * (gid_max +1)); used_gids = alloca (sizeof (bool) * (gid_max +1));
diff -up shadow-4.1.4/libmisc/find_new_uid.c.redhat shadow-4.1.4/libmisc/find_new_uid.c diff -up shadow-4.1.4.2/libmisc/find_new_uid.c.redhat shadow-4.1.4.2/libmisc/find_new_uid.c
--- shadow-4.1.4/libmisc/find_new_uid.c.redhat 2009-04-23 19:37:12.000000000 +0200 --- shadow-4.1.4.2/libmisc/find_new_uid.c.redhat 2009-07-18 01:53:43.000000000 +0200
+++ shadow-4.1.4/libmisc/find_new_uid.c 2009-05-15 12:01:39.000000000 +0200 +++ shadow-4.1.4.2/libmisc/find_new_uid.c 2009-09-07 16:34:19.695877000 +0200
@@ -58,11 +58,11 @@ int find_new_uid (bool sys_user, @@ -58,11 +58,11 @@ int find_new_uid (bool sys_user,
assert (uid != NULL); assert (uid != NULL);
@ -26,15 +27,16 @@ diff -up shadow-4.1.4/libmisc/find_new_uid.c.redhat shadow-4.1.4/libmisc/find_ne
+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL); + uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
} else { } else {
uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL); - uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
- uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1; - uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
+ uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 201UL);
+ uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1; + uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max); uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
} }
used_uids = alloca (sizeof (bool) * (uid_max +1)); used_uids = alloca (sizeof (bool) * (uid_max +1));
diff -up shadow-4.1.4/src/useradd.c.redhat shadow-4.1.4/src/useradd.c diff -up shadow-4.1.4.2/src/useradd.c.redhat shadow-4.1.4.2/src/useradd.c
--- shadow-4.1.4/src/useradd.c.redhat 2009-05-10 20:26:35.000000000 +0200 --- shadow-4.1.4.2/src/useradd.c.redhat 2009-06-06 00:16:58.000000000 +0200
+++ shadow-4.1.4/src/useradd.c 2009-05-15 11:59:40.000000000 +0200 +++ shadow-4.1.4.2/src/useradd.c 2009-09-07 16:34:01.402878101 +0200
@@ -90,7 +90,7 @@ char *Prog; @@ -90,7 +90,7 @@ char *Prog;
static gid_t def_group = 100; static gid_t def_group = 100;
static const char *def_gname = "other"; static const char *def_gname = "other";
@ -53,7 +55,7 @@ diff -up shadow-4.1.4/src/useradd.c.redhat shadow-4.1.4/src/useradd.c
static uid_t user_id; static uid_t user_id;
static gid_t user_gid; static gid_t user_gid;
static const char *user_comment = ""; static const char *user_comment = "";
@@ -996,9 +996,9 @@ static void process_flags (int argc, cha @@ -989,9 +989,9 @@ static void process_flags (int argc, cha
}; };
while ((c = getopt_long (argc, argv, while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
@ -65,7 +67,7 @@ diff -up shadow-4.1.4/src/useradd.c.redhat shadow-4.1.4/src/useradd.c
#endif #endif
long_options, NULL)) != -1) { long_options, NULL)) != -1) {
switch (c) { switch (c) {
@@ -1148,6 +1148,7 @@ static void process_flags (int argc, cha @@ -1141,6 +1141,7 @@ static void process_flags (int argc, cha
case 'M': case 'M':
Mflg = true; Mflg = true;
break; break;

View file

@ -1,17 +1,16 @@
Summary: Utilities for managing accounts and shadow password files Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils Name: shadow-utils
Version: 4.1.4.1 Version: 4.1.4.2
Release: 7%{?dist} Release: 1%{?dist}
Epoch: 2 Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/ URL: http://pkg-shadow.alioth.debian.org/
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2 Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
Source1: shadow-4.0.17-login.defs Source1: shadow-4.0.17-login.defs
Source2: shadow-4.0.18.1-useradd Source2: shadow-4.0.18.1-useradd
Patch0: shadow-4.1.4-redhat.patch Patch0: shadow-4.1.4.2-redhat.patch
Patch1: shadow-4.1.4.1-goodname.patch Patch1: shadow-4.1.4.1-goodname.patch
Patch2: shadow-4.1.4.1-largeGroup.patch Patch2: shadow-4.1.4.2-leak.patch
Patch3: shadow-4.1.4.1-ldap.patch Patch3: shadow-4.1.4.2-fixes.patch
Patch4: shadow-4.1.4.1-sysacc.patch
License: BSD and GPLv2+ License: BSD and GPLv2+
Group: System Environment/Base Group: System Environment/Base
BuildRequires: libselinux-devel >= 1.25.2-1 BuildRequires: libselinux-devel >= 1.25.2-1
@ -37,10 +36,9 @@ are used for managing group accounts.
%prep %prep
%setup -q -n shadow-%{version} %setup -q -n shadow-%{version}
%patch0 -p1 -b .redhat %patch0 -p1 -b .redhat
%patch1 -p1 -b .goodname #%patch1 -p1 -b .goodname
%patch2 -p1 -b .largeGroup #%patch2 -p1 -b .leak
%patch3 -p1 -b .ldap #%patch3 -p1 -b .fixes
%patch4 -p1 -b .sysacc
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO cp -f doc/HOWTO.utf8 doc/HOWTO
@ -182,6 +180,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8* %{_mandir}/man8/vigr.8*
%changelog %changelog
* Mon Sep 07 2009 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-1
- upgrade
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 2:4.1.4.1-7 * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 2:4.1.4.1-7
- rebuilt with new audit - rebuilt with new audit

View file

@ -1 +1 @@
62f7dae4cb54fa84e478c4602d58cbe8 shadow-4.1.4.1.tar.bz2 d593a9cab93c48ee0a6ba056db8c1997 shadow-4.1.4.2.tar.bz2