[Pkg-shadow-commits] r2690 - in upstream/trunk: . lib src
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Wed Apr 15 17:50:17 UTC 2009
Author: nekral-guest
Date: 2009-04-15 17:50:17 +0000 (Wed, 15 Apr 2009)
New Revision: 2690
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/lib/getlong.c
upstream/trunk/src/login.c
Log:
* NEWS, srclib/getlong.c: Fix parsing of octal numbers.
* NEWS, src/login.c: Fix segfault when no user is provided on the
command line.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2009-04-15 17:42:34 UTC (rev 2689)
+++ upstream/trunk/ChangeLog 2009-04-15 17:50:17 UTC (rev 2690)
@@ -1,5 +1,14 @@
+2009-04-15 Peter Vrabec <pvrabec at redhat.com>
+
+ * NEWS, srclib/getlong.c: Fix parsing of octal numbers.
+
2009-04-15 Nicolas François <nicolas.francois at centraliens.net>
+ * NEWS, src/login.c: Fix segfault when no user is provided on the
+ command line.
+
+2009-04-15 Nicolas François <nicolas.francois at centraliens.net>
+
* README, libmisc/system.c: Was contributed by Dan Walsh.
2009-04-15 Nicolas François <nicolas.francois at centraliens.net>
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2009-04-15 17:42:34 UTC (rev 2689)
+++ upstream/trunk/NEWS 2009-04-15 17:50:17 UTC (rev 2690)
@@ -1,11 +1,19 @@
$Id$
-shadow-4.1.3 -> shadow-4.1.3.1 UNRELEASED
+shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15
+*** security:
+- Due to bad parsing of octal permissions, the permissions on tty (login)
+ but also home directories, mailboxes, or UMASK were set wrongly (and
+ weirdly). Only shadow-4.1.3 was affected.
+
+*** general
- vipw
* SE Linux: Set the default context to the context of the file being
edited. This ensures that the backup file inherit from the file's
context.
+- login
+ * Fix regression when no user is specified on the command line.
shadow-4.1.2.2 -> shadow-4.1.3 2009-04-12
Modified: upstream/trunk/lib/getlong.c
===================================================================
--- upstream/trunk/lib/getlong.c 2009-04-15 17:42:34 UTC (rev 2689)
+++ upstream/trunk/lib/getlong.c 2009-04-15 17:50:17 UTC (rev 2690)
@@ -35,13 +35,20 @@
#include <errno.h>
#include "prototypes.h"
+/*
+ * getlong - extract a long integer provided by the numstr string in *result
+ *
+ * It supports decimal, hexadecimal or octal representations.
+ *
+ * Returns 0 on failure, 1 on success.
+ */
int getlong (const char *numstr, long int *result)
{
long val;
char *endptr;
errno = 0;
- val = strtol (numstr, &endptr, 10);
+ val = strtol (numstr, &endptr, 0);
if (('\0' == numstr) || ('\0' != *endptr) || (ERANGE == errno)) {
return 0;
}
Modified: upstream/trunk/src/login.c
===================================================================
--- upstream/trunk/src/login.c 2009-04-15 17:42:34 UTC (rev 2689)
+++ upstream/trunk/src/login.c 2009-04-15 17:50:17 UTC (rev 2690)
@@ -682,7 +682,7 @@
set it to NULL */
retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
PAM_FAIL_CHECK;
- if (pam_user[0] == '\0') {
+ if ((NULL != pam_user) && ('\0' == pam_user[0])) {
retcode = pam_set_item (pamh, PAM_USER, NULL);
PAM_FAIL_CHECK;
}
More information about the Pkg-shadow-commits
mailing list