Fix CVE-2020-10595: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10595 Patch copied from upstream advisory: https://seclists.org/oss-sec/2020/q1/128 diff --git a/prompting.c b/prompting.c index e985d95..d81054f 100644 --- a/prompting.c +++ b/prompting.c @@ -314,26 +314,27 @@ pamk5_prompter_krb5(krb5_context context UNUSED, void *data, const char *name, /* * Reuse pam_prompts as a starting index and copy the data into the reply * area of the krb5_prompt structs. */ pam_prompts = 0; if (name != NULL && !args->silent) pam_prompts++; if (banner != NULL && !args->silent) pam_prompts++; for (i = 0; i < num_prompts; i++, pam_prompts++) { - size_t len; + size_t len, allowed; if (resp[pam_prompts].resp == NULL) goto cleanup; len = strlen(resp[pam_prompts].resp); - if (len > prompts[i].reply->length) + allowed = prompts[i].reply->length; + if (allowed == 0 || len > allowed - 1) goto cleanup; /* * The trailing nul is not included in length, but other applications * expect it to be there. Therefore, we copy one more byte than the * actual length of the password, but set length to just the length of * the password. */ memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len + 1); prompts[i].reply->length = (unsigned int) len; form'>
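Review bot: in the prompting.c hunk, the new test "if (allowed == 0 || len > allowed - 1)" can be reduced to "if (len >= allowed)", which rejects exactly the same inputs, including allowed == 0, and drops the subtraction that the zero check only exists to protect against wrapping. The comment above the memcpy also still speaks only of the length stored afterwards (trailing nul not included); it should add a sentence saying that on entry reply->length is treated as the size of the reply buffer, which is why the len + 1 bytes copied must fit inside it.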
path: root/configure.ac
| Age | Commit message | Author |
| --- | --- | --- |
| 2022-07-03 | etc: Add teams.scm. * etc/teams.scm.in: New file. * configure.ac: Generate executable. * .gitignore: Ignore generated file. | Ricardo Wurmus |
| 2022-01-25 | build: Require Guile >= 3.0.3. Fixes <https://issues.guix.gnu.org/53157>. Reported by Efraim Flashner <efraim@flashner.co.il>. * configure.ac: Require Guile >= 3.0.3. * doc/guix.texi (Requirements): Update accordingly. | Ludovic Courtès |
| 2021-11-23 | maint: "make dist" builds tarballs in 'ustar' format. This allows us to have file names longer than 99 characters. * configure.ac: Pass 'tar-ustar' to 'AM_INIT_AUTOMAKE'. | Ludovic Courtès |
| 2021-06-01 | maint: Require Guile 3.0. * configure.ac: Require Guile 3.0. * doc/guix.texi (Requirements): Adjust accordingly. * gnu/packages/package-management.scm (guile2.2-guix): Remove. * guix/lint.scm (exception-with-kind-and-args?): Remove 'cond-expand'. * guix/scripts/deploy.scm (deploy-machine*): Likewise. * guix/store.scm (call-with-store): Likewise. * guix/swh.scm (http-get*, http-post*): Likewise. * guix/ui.scm (without-compiler-optimizations, guard*) (call-with-error-handling): Likewise. | Ludovic Courtès |
| 2021-05-03 | nls: Do not update po files on first make invocation. We need to update the minimal gettext version to take advantage of new features. Before this patch, the first make invocation would modify po/guix and po/packages po files, and we advised to run `git checkout po` to clean the changes. * configure.ac (AM_GNU_GETTEXT_VERSION): Update to 0.19.1. * po/guix/Makevars: Set PO_DEPENDS_ON_POT to no. * po/packages/Makevars: Set PO_DEPENDS_ON_POT to no. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> | Julien Lepiller |
| 2021-04-25 | import: Remove Nix importer. This importer has suffered from bitrot and no longer works with current Nix and Nixpkgs. See <https://bugs.gnu.org/32339> and <https://bugs.gnu.org/36255>. * guix/import/snix.scm, guix/scripts/import/nix.scm, tests/snix.scm: Remove. * Makefile.am (MODULES, SCM_TESTS): Remove them. * guix/scripts/import.scm (importers): Remove "nix". * build-aux/test-env.in: Remove NIXPKGS variable. * configure.ac: Remove '--with-nixpkgs' option. * doc/guix.texi (Invoking guix import): Remove bit about "guix import nix". * etc/completion/fish/guix.fish: Likewise. | Ludovic Courtès |
| 2021-04-23 | build: Add a check for Guile-Lib. * configure.ac: Check if the Guile-Lib module is present and recent enough and warn in case it isn't. | Maxim Cournoyer |