[shadow-utils] fix integer underflow in laslog (#706321)
Peter Vrabec
pvrabec at fedoraproject.org
Tue May 31 08:01:06 UTC 2011
commit 6e8f6080320a989fe4494aadc81bfdd5d4901315
Author: Peter Vrabec <pvrabec at redhat.com>
Date: Tue May 31 10:00:39 2011 +0200
fix integer underflow in laslog (#706321)
shadow-4.1.4.2-underflow.patch | 21 ++++++++++++++++++---
shadow-utils.spec | 5 ++++-
2 files changed, 22 insertions(+), 4 deletions(-)
---
diff --git a/shadow-4.1.4.2-underflow.patch b/shadow-4.1.4.2-underflow.patch
index 87f8931..a3c0d47 100644
--- a/shadow-4.1.4.2-underflow.patch
+++ b/shadow-4.1.4.2-underflow.patch
@@ -1,6 +1,6 @@
-diff -up shadow-4.1.4.2/src/faillog.c.overflow shadow-4.1.4.2/src/faillog.c
---- shadow-4.1.4.2/src/faillog.c.overflow 2010-06-14 10:40:28.023030897 +0200
-+++ shadow-4.1.4.2/src/faillog.c 2010-06-14 10:53:10.884034750 +0200
+diff -up shadow-4.1.4.3/src/faillog.c.underflow shadow-4.1.4.3/src/faillog.c
+--- shadow-4.1.4.3/src/faillog.c.underflow 2011-02-13 12:58:16.000000000 -0500
++++ shadow-4.1.4.3/src/faillog.c 2011-05-30 17:48:55.000000000 -0400
@@ -106,8 +106,8 @@ static void print_one (/*@null@*/const s
return;
}
@@ -41,3 +41,18 @@ diff -up shadow-4.1.4.2/src/faillog.c.overflow shadow-4.1.4.2/src/faillog.c
/* fseeko errors are not really relevant for us. */
int err = fseeko (fail, offset, SEEK_SET);
assert (0 == err);
+diff -up shadow-4.1.4.3/src/lastlog.c.underflow shadow-4.1.4.3/src/lastlog.c
+--- shadow-4.1.4.3/src/lastlog.c.underflow 2011-05-31 03:52:25.000000000 -0400
++++ shadow-4.1.4.3/src/lastlog.c 2011-05-31 03:53:32.000000000 -0400
+@@ -102,9 +102,8 @@ static void print_one (/*@null@*/const s
+ }
+
+
+- offset = pw->pw_uid * sizeof (ll);
+-
+- if (offset <= (statbuf.st_size - sizeof (ll))) {
++ offset = (off_t) pw->pw_uid * sizeof (ll);
++ if (offset + sizeof (ll) <= statbuf.st_size - sizeof (ll)) {
+ /* fseeko errors are not really relevant for us. */
+ int err = fseeko (lastlogfile, offset, SEEK_SET);
+ assert (0 == err);
diff --git a/shadow-utils.spec b/shadow-utils.spec
index c8edc0f..38f119b 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.1.4.3
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
@@ -200,6 +200,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8*
%changelog
+* Tue May 31 2011 Peter Vrabec <pvrabec at redhat.com> - 2:4.1.4.3-2
+- fix integer underflow in laslog (#706321)
+
* Fri May 20 2011 Peter Vrabec <pvrabec at redhat.com> - 2:4.1.4.3-1
- upgrade
- change UID/GID_MIN to #1000
More information about the scm-commits
mailing list