[apr-util] fix crypt_r failure modes (#819650)
jorton
jorton at fedoraproject.org
Wed Jun 6 13:17:16 UTC 2012
commit 8c653cd038f9cc6202aacf03fa745ca3b01de401
Author: Joe Orton <jorton at redhat.com>
Date: Wed Jun 6 14:17:13 2012 +0100
fix crypt_r failure modes (#819650)
Resolves: rhbz#819650
apr-util-1.4.1-r1346875.patch | 38 ++++++++++++++++++++++++++++++++++++++
apr-util.spec | 7 ++++++-
2 files changed, 44 insertions(+), 1 deletions(-)
---
diff --git a/apr-util-1.4.1-r1346875.patch b/apr-util-1.4.1-r1346875.patch
new file mode 100644
index 0000000..3a2743c
--- /dev/null
+++ b/apr-util-1.4.1-r1346875.patch
@@ -0,0 +1,38 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=819650
+
+http://svn.apache.org/viewvc?view=revision&revision=1346875
+
+--- apr-util-1.4.1/crypto/apr_md5.c.r1346875
++++ apr-util-1.4.1/crypto/apr_md5.c
+@@ -721,6 +721,9 @@ APU_DECLARE(apr_status_t) apr_password_v
+ CRYPTD buffer;
+
+ crypt_pw = crypt_r(passwd, hash, &buffer);
++ if (!crypt_pw) {
++ return APR_EMISMATCH;
++ }
+ apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+ #elif defined(CRYPT_R_STRUCT_CRYPT_DATA)
+ struct crypt_data buffer;
+@@ -732,6 +735,9 @@ APU_DECLARE(apr_status_t) apr_password_v
+ */
+ memset(&buffer, 0, sizeof(buffer));
+ crypt_pw = crypt_r(passwd, hash, &buffer);
++ if (!crypt_pw) {
++ return APR_EMISMATCH;
++ }
+ apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+ #else
+ /* Do a bit of sanity checking since we know that crypt_r()
+@@ -748,6 +754,10 @@ APU_DECLARE(apr_status_t) apr_password_v
+ */
+ crypt_mutex_lock();
+ crypt_pw = crypt(passwd, hash);
++ if (!crypt_pw) {
++ crypt_mutex_unlock();
++ return APR_EMISMATCH;
++ }
+ apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+ crypt_mutex_unlock();
+ #endif
diff --git a/apr-util.spec b/apr-util.spec
index 869d830..4b3bb18 100644
--- a/apr-util.spec
+++ b/apr-util.spec
@@ -10,13 +10,14 @@
Summary: Apache Portable Runtime Utility library
Name: apr-util
Version: 1.4.1
-Release: 3%{?dist}
+Release: 4%{?dist}
License: ASL 2.0
Group: System Environment/Libraries
URL: http://apr.apache.org/
Source0: http://www.apache.org/dist/apr/%{name}-%{version}.tar.bz2
Patch1: apr-util-1.2.7-pkgconf.patch
Patch2: apr-util-1.3.7-nodbmdso.patch
+Patch3: apr-util-1.4.1-r1346875.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: autoconf, apr-devel >= 1.3.0
BuildRequires: %{dbdep}, expat-devel, libuuid-devel
@@ -120,6 +121,7 @@ This package provides the NSS crypto support for the apr-util.
%setup -q
%patch1 -p1 -b .pkgconf
%patch2 -p1 -b .nodbmdso
+%patch3 -p1 -b .r1346875
%build
autoheader && autoconf
@@ -224,6 +226,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/*.m4
%changelog
+* Wed Jun 6 2012 Joe Orton <jorton at redhat.com> - 1.4.1-4
+- fix crypt_r failure modes (#819650)
+
* Tue Apr 24 2012 Joe Orton <jorton at redhat.com> - 1.4.1-3
- apply _isa to deps
More information about the scm-commits
mailing list