Fix CVE-2020-10595: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10595 Patch copied from upstream advisory: https://seclists.org/oss-sec/2020/q1/128 diff --git a/prompting.c b/prompting.c index e985d95..d81054f 100644 --- a/prompting.c +++ b/prompting.c @@ -314,26 +314,27 @@ pamk5_prompter_krb5(krb5_context context UNUSED, void *data, const char *name, /* * Reuse pam_prompts as a starting index and copy the data into the reply * area of the krb5_prompt structs. */ pam_prompts = 0; if (name != NULL && !args->silent) pam_prompts++; if (banner != NULL && !args->silent) pam_prompts++; for (i = 0; i < num_prompts; i++, pam_prompts++) { - size_t len; + size_t len, allowed; if (resp[pam_prompts].resp == NULL) goto cleanup; len = strlen(resp[pam_prompts].resp); - if (len > prompts[i].reply->length) + allowed = prompts[i].reply->length; + if (allowed == 0 || len > allowed - 1) goto cleanup; /* * The trailing nul is not included in length, but other applications * expect it to be there. Therefore, we copy one more byte than the * actual length of the password, but set length to just the length of * the password. */ memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len + 1); prompts[i].reply->length = (unsigned int) len; f'>commitdiff
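Review bot: The new bound in the `for` loop, `if (allowed == 0 || len > allowed - 1)`, has no comment of its own; the only explanation is the later comment about the trailing nul, which sits after the check it justifies. Since the `memcpy` below copies `len + 1` bytes into `prompts[i].reply->data`, the check has to guarantee `len + 1 <= allowed`, and the `allowed == 0` test is what keeps `allowed - 1` from wrapping on a `size_t`. A one-line comment at the check saying that `reply->length` is treated as the capacity of `reply->data` and must leave room for the nul would stop a later cleanup from reducing it back to `len > allowed`. Both rejection paths use `goto cleanup`, and the value returned from there is not visible in this hunk, so it is worth confirming that an over-long response is reported to the caller as an error rather than as success.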
path: root/tests/guix-shell-export-manifest.sh
Age, commit message, author:

2022-06-16, Ludovic Courtès
shell: Fix '--export-manifest' for cached profiles and when '-p' is used.
Fixes <https://issues.guix.gnu.org/55521>.
* guix/scripts/shell.scm (export-manifest): When computing 'manifest', honor the 'profile key.
* tests/guix-shell-export-manifest.sh: Add test.

2022-06-01, Ludovic Courtès
shell: '--export-manifest -D x -D y' generates a valid manifest.
* guix/scripts/shell.scm (manifest->code*): Add missing 'list' in generated 'concatenate-manifests' call.
* tests/guix-shell-export-manifest.sh: Add test.

2022-04-08, Ludovic Courtès
tests: 'guix shell --export-manifest' test no longer needs networking.
* tests/guix-shell-export-manifest.sh: Use '--with-input' rather than '--with-latest' as the latter would crash in the absence of network access.

2022-04-04, Ludovic Courtès
shell: Add '--export-manifest'.
* guix/scripts/shell.scm (show-help, %options): Add '--export-manifest'.
(manifest-entry-version-prefix, manifest->code*)
(export-manifest): New procedures.
(guix-shell): Honor '--export-manifest'.
* tests/guix-shell-export-manifest.sh: New file.
* Makefile.am (SH_TESTS): Add it.
* doc/guix.texi (Invoking guix shell): Document '--export-manifest'.
(Invoking guix environment): Link to it.
(Invoking guix pack): Likewise.