Fix CVE-2020-10595:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10595
Patch copied from upstream advisory:
https://seclists.org/oss-sec/2020/q1/128
diff --git a/prompting.c b/prompting.c
index e985d95..d81054f 100644
--- a/prompting.c
+++ b/prompting.c
@@ -314,26 +314,27 @@ pamk5_prompter_krb5(krb5_context context UNUSED, void *data, const char *name,
/*
* Reuse pam_prompts as a starting index and copy the data into the reply
* area of the krb5_prompt structs.
*/
pam_prompts = 0;
if (name != NULL && !args->silent)
pam_prompts++;
if (banner != NULL && !args->silent)
pam_prompts++;
for (i = 0; i < num_prompts; i++, pam_prompts++) {
- size_t len;
+ size_t len, allowed;
if (resp[pam_prompts].resp == NULL)
goto cleanup;
len = strlen(resp[pam_prompts].resp);
- if (len > prompts[i].reply->length)
+ allowed = prompts[i].reply->length;
+ if (allowed == 0 || len > allowed - 1)
goto cleanup;
/*
* The trailing nul is not included in length, but other applications
* expect it to be there. Therefore, we copy one more byte than the
* actual length of the password, but set length to just the length of
* the password.
*/
memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len + 1);
prompts[i].reply->length = (unsigned int) len;
43a1'>diff
|
Age | Commit message (Expand) | Author |
2020-08-25 | offload: Modify the build-machine record to accept multiple systems....* guix/scripts/offload.scm (<build-machine>)[systems]: New field.
[system]: Accessor changed to %build-machine-system. Default to #f.
* guix/scripts/offload.scm (build-machine-system): Wrap %build-machine-system
with a deprecation warning.
(build-machine-systems): Access the new systems field or fallback to use
build-machine-system, for backward compatibility.
(machine-matches?): Adjust.
* tests/offload.scm: Add tests...
* Makefile.am (SCM_TESTS): ...and register them.
* doc/guix.texi (Daemon Offload Setup): Update doc.
| Maxim Cournoyer |