[shadow-utils] fix integer underflow in laslog (#706321)

Peter Vrabec pvrabec at fedoraproject.org
Tue May 31 08:01:06 UTC 2011 

commit 6e8f6080320a989fe4494aadc81bfdd5d4901315
Author: Peter Vrabec <pvrabec at redhat.com>
Date:   Tue May 31 10:00:39 2011 +0200

    fix integer underflow in laslog (#706321)

 shadow-4.1.4.2-underflow.patch |   21 ++++++++++++++++++---
 shadow-utils.spec              |    5 ++++-
 2 files changed, 22 insertions(+), 4 deletions(-)
---
diff --git a/shadow-4.1.4.2-underflow.patch b/shadow-4.1.4.2-underflow.patch
index 87f8931..a3c0d47 100644
--- a/shadow-4.1.4.2-underflow.patch
+++ b/shadow-4.1.4.2-underflow.patch
@@ -1,6 +1,6 @@
-diff -up shadow-4.1.4.2/src/faillog.c.overflow shadow-4.1.4.2/src/faillog.c
---- shadow-4.1.4.2/src/faillog.c.overflow	2010-06-14 10:40:28.023030897 +0200
-+++ shadow-4.1.4.2/src/faillog.c	2010-06-14 10:53:10.884034750 +0200
+diff -up shadow-4.1.4.3/src/faillog.c.underflow shadow-4.1.4.3/src/faillog.c
+--- shadow-4.1.4.3/src/faillog.c.underflow	2011-02-13 12:58:16.000000000 -0500
++++ shadow-4.1.4.3/src/faillog.c	2011-05-30 17:48:55.000000000 -0400
 @@ -106,8 +106,8 @@ static void print_one (/*@null@*/const s
  		return;
  	}
@@ -41,3 +41,18 @@ diff -up shadow-4.1.4.2/src/faillog.c.overflow shadow-4.1.4.2/src/faillog.c
  		/* fseeko errors are not really relevant for us. */
  		int err = fseeko (fail, offset, SEEK_SET);
  		assert (0 == err);
+diff -up shadow-4.1.4.3/src/lastlog.c.underflow shadow-4.1.4.3/src/lastlog.c
+--- shadow-4.1.4.3/src/lastlog.c.underflow	2011-05-31 03:52:25.000000000 -0400
++++ shadow-4.1.4.3/src/lastlog.c	2011-05-31 03:53:32.000000000 -0400
+@@ -102,9 +102,8 @@ static void print_one (/*@null@*/const s
+ 	}
+ 
+ 
+-	offset = pw->pw_uid * sizeof (ll);
+-
+-	if (offset <= (statbuf.st_size - sizeof (ll))) {
++	offset = (off_t) pw->pw_uid * sizeof (ll);
++	if (offset + sizeof (ll) <= statbuf.st_size - sizeof (ll)) {
+ 		/* fseeko errors are not really relevant for us. */
+ 		int err = fseeko (lastlogfile, offset, SEEK_SET);
+ 		assert (0 == err);
diff --git a/shadow-utils.spec b/shadow-utils.spec
index c8edc0f..38f119b 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.1.4.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
@@ -200,6 +200,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/vigr.8*
 
 %changelog
+* Tue May 31 2011 Peter Vrabec <pvrabec at redhat.com> - 2:4.1.4.3-2
+- fix integer underflow in laslog (#706321)
+
 * Fri May 20 2011 Peter Vrabec <pvrabec at redhat.com> - 2:4.1.4.3-1
 - upgrade
 - change UID/GID_MIN to #1000

More information about the scm-commits mailing list