[cvs] Do not crash if crypt(3) returns NULL
Petr Pisar
ppisar at fedoraproject.org
Wed Jun 5 07:19:26 UTC 2013
commit 43c6c6ea17ede9d9905947390e97c2b8e529d098
Author: Petr Písař <ppisar at redhat.com>
Date: Wed Jun 5 09:00:47 2013 +0200
Do not crash if crypt(3) returns NULL
cvs-1.11.23-crypt-2.diff | 65 ++++++++++++++++++++++++++++++++++++++++++++++
cvs.spec | 4 +++
2 files changed, 69 insertions(+), 0 deletions(-)
---
diff --git a/cvs-1.11.23-crypt-2.diff b/cvs-1.11.23-crypt-2.diff
new file mode 100644
index 0000000..20eca5e
--- /dev/null
+++ b/cvs-1.11.23-crypt-2.diff
@@ -0,0 +1,65 @@
+From f3ba6614adc715b658fa7ba8de380c5890665de5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Wed, 5 Jun 2013 09:08:42 +0200
+Subject: [PATCH] crypt(3) can return NULL
+
+crypt(3) can fail and return NULL since glibc-2.17. This patch
+prevents from crashing CVS in that case.
+
+Patch ported from upstream report
+<https://savannah.nongnu.org/bugs/index.php?39040> developed by
+<mancha1 at hush.com>.
+---
+ src/server.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/server.c b/src/server.c
+index bc6f0d0..348338c 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -5647,9 +5647,11 @@ check_repository_password (username, password, repository, host_user_ptr)
+ host_user_tmp = username;
+
+ /* Verify blank passwords directly, otherwise use crypt(). */
++ char *crypt_passwd = found_password ? crypt (password, found_password): NULL;
+ if ((found_password == NULL)
+- || ((strcmp (found_password, crypt (password, found_password))
+- == 0)))
++ || (crypt_passwd != NULL
++ && (strcmp (found_password, crypt_passwd)
++ == 0)))
+ {
+ /* Give host_user_ptr permanent storage. */
+ *host_user_ptr = xstrdup (host_user_tmp);
+@@ -5660,7 +5662,7 @@ check_repository_password (username, password, repository, host_user_ptr)
+ #ifdef LOG_AUTHPRIV
+ syslog (LOG_AUTHPRIV | LOG_NOTICE,
+ "password mismatch for %s in %s: %s vs. %s", username,
+- repository, crypt(password, found_password), found_password);
++ repository, crypt_passwd, found_password);
+ #endif
+ *host_user_ptr = NULL;
+ retval = 2;
+@@ -5869,7 +5871,9 @@ error %s getnameinfo failed\n", strerror (errno));
+ pamh = NULL;
+ }
+ #else
+- if (strcmp (found_passwd, crypt (password, found_passwd)) == 0)
++ char *crypt_passwd = crypt (password, found_passwd);
++ if ((crypt_passwd != NULL) &&
++ (strcmp (found_passwd, crypt_passwd) == 0))
+ {
+ host_user = xstrdup (username);
+ }
+@@ -5879,7 +5883,7 @@ error %s getnameinfo failed\n", strerror (errno));
+ #ifdef LOG_AUTHPRIV
+ syslog (LOG_AUTHPRIV | LOG_NOTICE,
+ "password mismatch for %s: %s vs. %s", username,
+- crypt(password, found_passwd), found_passwd);
++ crypt_passwd, found_passwd);
+ #endif
+ }
+ #endif
+--
+1.8.1.4
+
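Review bot: The two syslog calls in the mismatch branches of the embedded src/server.c patch still pass `crypt_passwd` to `%s`, and after this change those branches are reached whenever crypt() returned NULL, so a NULL pointer is handed to `%s`; that is undefined behaviour (glibc prints "(null)", other libcs need not). Substituting a literal at both sites, e.g. `repository, crypt_passwd ? crypt_passwd : "(crypt failed)", found_password);`, keeps the call defined and lets an operator tell a crypt() failure apart from a wrong password in the auth log. Both messages also write the stored hash and the hash of the attempted password to syslog; this predates the patch, but since the lines are being touched it is worth considering logging only the username and repository. In check_repository_password the new `char *crypt_passwd` declaration follows the statement `host_user_tmp = username;`, which needs C99 mixed declarations in a file whose hunk header shows a K&R-style definition, so moving the declaration to the top of the block would be safer for older compilers. Both enclosing functions start and end outside the hunks shown.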
diff --git a/cvs.spec b/cvs.spec
index 4edf444..1c12430 100644
--- a/cvs.spec
+++ b/cvs.spec
@@ -92,6 +92,8 @@ Patch27: cvs-1.11.23-Pass-server-IP-address-instead-of-hostname-to-GSSAPI.patch
Patch28: cvs-1.11.23-Fix-proxy-response-parser.patch
# Correct texinfo syntax, bug #970716, submitted to upstream as bug #39166
Patch29: cvs-1.11.23-doc-Add-mandatory-argument-to-sp.patch
+# Excpect crypt(3) can return NULL, bug #966497, upstream bug #39040
+Patch30: cvs-1.11.23-crypt-2.diff
%description
CVS (Concurrent Versions System) is a version control system that can
@@ -178,6 +180,7 @@ pages in PDF.
%patch27 -p1 -b .gssapi_dns
%patch28 -p1 -b .proxy_response_parser
%patch29 -p1 -b .texinfo_sp
+%patch30 -p1 -b .null_crypt
# Apply a patch to the generated files, OR
# run autoreconf and require autoconf >= 2.58, automake >= 1.7.9
@@ -280,6 +283,7 @@ exit 0
%changelog
* Wed Jun 05 2013 Petr Pisar <ppisar at redhat.com> - 1.11.23-30
- Fix texinfo documentation to work with texinfo-5.1 (bug #970716)
+- Do not crash if crypt(3) returns NULL (bug #966497)
* Tue Feb 12 2013 Petr Pisar <ppisar at redhat.com> - 1.11.23-29
- Correct handling systemd service (bug #737264)