[Pkg-shadow-devel] [shadow] 01/01: add three security patches

Serge Hallyn hallyn-guest at moszumanska.debian.org
Sat Aug 6 02:56:46 UTC 2016



hallyn-guest pushed a commit to branch master
in repository shadow.

commit 68cd195044deb448c865d267499e1e4fd9322057
Author: Serge Hallyn <serge at hallyn.com>
Date:   Fri Aug 5 17:44:27 2016 -0500

    add three security patches
    
    Signed-off-by: Serge Hallyn <serge at hallyn.com>
---
 debian/changelog                                   |  3 +-
 .../0001-get_map_ranges-check-for-overflow.patch   | 37 +++++++++++++++++
 debian/patches/0002-Simplify-getulong.patch        | 46 ++++++++++++++++++++++
 .../patches/0003-also-check-upper-for-wrap.patch   | 23 +++++++++++
 debian/patches/series                              |  3 ++
 5 files changed, 111 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 2137f43..cf00f0a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,11 +12,12 @@ shadow (1:4.3-1) unstable; urgency=medium
   * debian/control:
     - replace nekral with myself in Uploaders (Closes: #832380)
     - Update VCS fields to use https
+  * Add three upstream security patches (which are not in the 4.3 release)
 
   [ Niels Thykier ]
   * debian/rules: explicitly set SHELL to /bin/sh
 
- -- Serge Hallyn <serge.hallyn at ubuntu.com>  Wed, 16 Mar 2016 17:32:22 -0700
+ -- Serge Hallyn <serge.hallyn at ubuntu.com>  Fri, 05 Aug 2016 17:43:39 -0500
 
 shadow (1:4.2-3.1) unstable; urgency=medium
 
diff --git a/debian/patches/0001-get_map_ranges-check-for-overflow.patch b/debian/patches/0001-get_map_ranges-check-for-overflow.patch
new file mode 100644
index 0000000..6f2bc91
--- /dev/null
+++ b/debian/patches/0001-get_map_ranges-check-for-overflow.patch
@@ -0,0 +1,37 @@
+From 7f5a14817d304c4f9ac0aff864f27d95a8cc75ca Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge at hallyn.com>
+Date: Sun, 31 Jul 2016 12:55:44 -0500
+Subject: [PATCH 1/3] get_map_ranges: check for overflow
+
+The kernel accepts u32 values, so make sure that userspace
+is not passing large values.
+
+Signed-off-by: Serge Hallyn <serge at hallyn.com>
+---
+ libmisc/idmapping.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libmisc/idmapping.c b/libmisc/idmapping.c
+index 0dce634..f105a41 100644
+--- a/libmisc/idmapping.c
++++ b/libmisc/idmapping.c
+@@ -83,6 +83,16 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
+ 			free(mappings);
+ 			return NULL;
+ 		}
++		if (mapping->upper > UINT_MAX ||
++			mapping->lower > UINT_MAX ||
++			mapping->count > UINT_MAX)  {
++			free(mappings);
++			return NULL;
++		}
++		if (mapping->lower + mapping->count < mapping->lower) {
++			free(mapping);
++			return NULL;
++		}
+ 	}
+ 	return mappings;
+ }
+-- 
+2.7.4
+
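Review bot: The second added check ends in `free(mapping);` while the neighbouring error path (and the one already in context above it) ends in `free(mappings);`; if `mapping` is a cursor into the `mappings` array, as those calls suggest, this frees an interior pointer on any range after the first, an invalid free reachable from command-line input. It should read `free(mappings);` like the check directly above. Separately, once `lower` and `count` are each bounded by `UINT_MAX`, their sum cannot wrap an unsigned long on LP64, so the wrap test can only fire where `unsigned long` is 32-bit; a test against the kernel's u32 limit that works on both, `if (mapping->count > UINT_MAX - mapping->lower)`, would match the commit's stated intent. `UINT_MAX` needs `<limits.h>`, which this hunk does not add, so presumably the file already includes it. The enclosing get_map_ranges starts outside the hunk.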
diff --git a/debian/patches/0002-Simplify-getulong.patch b/debian/patches/0002-Simplify-getulong.patch
new file mode 100644
index 0000000..05e6667
--- /dev/null
+++ b/debian/patches/0002-Simplify-getulong.patch
@@ -0,0 +1,46 @@
+From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
+From: Sebastian Krahmer <krahmer at suse.com>
+Date: Wed, 3 Aug 2016 11:51:07 -0500
+Subject: [PATCH 2/3] Simplify getulong
+
+Use strtoul to read an unsigned long, rather than reading
+a signed long long and casting it.
+
+https://bugzilla.suse.com/show_bug.cgi?id=979282
+---
+ lib/getulong.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/lib/getulong.c b/lib/getulong.c
+index 61579ca..08d2c1a 100644
+--- a/lib/getulong.c
++++ b/lib/getulong.c
+@@ -44,22 +44,19 @@
+  */
+ int getulong (const char *numstr, /*@out@*/unsigned long int *result)
+ {
+-	long long int val;
++	unsigned long int val;
+ 	char *endptr;
+ 
+ 	errno = 0;
+-	val = strtoll (numstr, &endptr, 0);
++	val = strtoul (numstr, &endptr, 0);
+ 	if (    ('\0' == *numstr)
+ 	     || ('\0' != *endptr)
+ 	     || (ERANGE == errno)
+-	     /*@+ignoresigns@*/
+-	     || (val != (unsigned long int)val)
+-	     /*@=ignoresigns@*/
+ 	   ) {
+ 		return 0;
+ 	}
+ 
+-	*result = (unsigned long int)val;
++	*result = val;
+ 	return 1;
+ }
+ 
+-- 
+2.7.4
+
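Review bot: `strtoul` silently accepts a leading minus sign and returns the negated value, so after this change `getulong("-1", &v)` succeeds with `v == ULONG_MAX` and no `ERANGE`, and nothing left in the function rejects a negative input. Reject the sign explicitly before parsing: `const char *p = numstr; while (isspace((unsigned char)*p)) p++; if (*p == '-') return 0;` (the whitespace skip is needed because `strtoul` skips it before the sign; `isspace` needs `<ctype.h>`). This matters because patch 1 in the same commit appears to rely on `getulong` to parse the id-map `upper`, `lower` and `count` values, where the resulting `ULONG_MAX` is only caught by the later range checks. The function is shown in full within the hunk.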
diff --git a/debian/patches/0003-also-check-upper-for-wrap.patch b/debian/patches/0003-also-check-upper-for-wrap.patch
new file mode 100644
index 0000000..110d95a
--- /dev/null
+++ b/debian/patches/0003-also-check-upper-for-wrap.patch
@@ -0,0 +1,23 @@
+From 801935d7e54d0cc169b37fe00cad1ce84e77048b Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge at hallyn.com>
+Date: Fri, 5 Aug 2016 17:16:48 -0500
+Subject: [PATCH 3/3] also check upper for wrap
+
+---
+ libmisc/idmapping.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Index: shadow/libmisc/idmapping.c
+===================================================================
+--- shadow.orig/libmisc/idmapping.c
++++ shadow/libmisc/idmapping.c
+@@ -89,7 +89,8 @@ struct map_range *get_map_ranges(int ran
+ 			free(mappings);
+ 			return NULL;
+ 		}
+-		if (mapping->lower + mapping->count < mapping->lower) {
++		if (mapping->lower + mapping->count < mapping->lower ||
++				mapping->upper + mapping->count < mapping->upper) {
+ 			free(mapping);
+ 			return NULL;
+ 		}
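Review bot: The added `upper + count` test shares the weakness of the `lower + count` test it extends: patch 1 (not visible in this hunk) already bounds `upper`, `lower` and `count` by `UINT_MAX`, so on LP64 neither sum can wrap an unsigned long and the check is dead, while the kernel's u32 range is still exceeded by, e.g., `upper = UINT_MAX, count = 2`. A form that catches the u32 overflow on both 32- and 64-bit targets is `if (mapping->count > UINT_MAX - mapping->lower || mapping->count > UINT_MAX - mapping->upper)`. The error path kept here also still calls `free(mapping)` where the preceding path calls `free(mappings)`; if `mapping` walks the `mappings` array this should be `free(mappings);`. get_map_ranges begins and ends outside the hunk.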
diff --git a/debian/patches/series b/debian/patches/series
index ae07280..92b5b0d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,3 +16,6 @@
 508_nologin_in_usr_sbin
 505_useradd_recommend_adduser
 #1010_vietnamese_translation
+0001-get_map_ranges-check-for-overflow.patch
+0002-Simplify-getulong.patch
+0003-also-check-upper-for-wrap.patch
