packages/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport some patches

Browse Source 
(cherry picked from commit 76c1b9426d399c8f9a97f46779db76f409c7fbcc)
This commit is contained in:
z30023234 2024-02-04 20:15:24 +08:00 committed by openeuler-sync-bot
parent a39ac0857e
commit 5d22cefb4a
3 changed files with 99 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
backport-src-passwd-add-overflow-check.patch Normal file
View File

@ -0,0 +1,32 @@
From 2d188a9987789f019dae2d46c50578a474ab2bdd Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Wed, 20 Dec 2023 20:48:54 +0100
Subject: [PATCH] src/passwd.c: Add overflow check
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Link: <https://github.com/shadow-maint/shadow/pull/876>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reference: https://github.com/shadow-maint/shadow/commit/2d188a9987789f019dae2d46c50578a474ab2bdd
Conflict: NA
---
src/passwd.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/passwd.c b/src/passwd.c
index a24e62dfd..f494a9257 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -387,8 +387,9 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
long now, ok;
now = time(NULL) / DAY;
ok = sp->sp_lstchg;
- if (sp->sp_min > 0) {
- ok += sp->sp_min;
+ if ( (sp->sp_min > 0)
+ && __builtin_add_overflow(ok, sp->sp_min, &ok)) {
+ ok = LONG_MAX;
}
if (now < ok) {

61
backport-src-passwd.c-Switch-to-day-precision.patch Normal file
View File

@ -0,0 +1,61 @@
From 3b5ba41d3e9dfc3bf058f0f31529c08201265241 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Thu, 14 Dec 2023 11:54:00 +0100
Subject: [PATCH] src/passwd.c: Switch to day precision
The size of time_t varies across systems, but since data type long is
more than enough to calculate with days (precision of shadow file),
use it instead.
Just in case a shadow file contains huge values, check for a possible
signed integer overflow.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Link: <https://github.com/shadow-maint/shadow/pull/876>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Reference: https://github.com/shadow-maint/shadow/commit/3b5ba41d3e9dfc3bf058f0f31529c08201265241
Conflict: src/chpasswd.c
---
src/passwd.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/passwd.c b/src/passwd.c
index 336bbc9..d79767a 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -390,7 +390,6 @@ static int new_password (const struct passwd *pw)
*/
static void check_password (const struct passwd *pw, const struct spwd *sp)
{
- time_t now;
int exp_status;
exp_status = isexpired (pw, sp);
@@ -410,8 +409,6 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
return;
}
- (void) time (&now);
-
/*
* Expired accounts cannot be changed ever. Passwords which are
* locked may not be changed. Passwords where min > max may not be
@@ -434,10 +431,11 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
* Passwords may only be changed after sp_min time is up.
*/
if (sp->sp_lstchg > 0) {
- time_t ok;
- ok = (time_t) sp->sp_lstchg * SCALE;
+ long now, ok;
+ now = time(NULL) / DAY;
+ ok = sp->sp_lstchg;
if (sp->sp_min > 0) {
- ok += (time_t) sp->sp_min * SCALE;
+ ok += sp->sp_min;
}
if (now < ok) {
--
2.33.0

7
shadow.spec
View File

@ -1,6 +1,6 @@
Name: shadow Name: shadow
Version: 4.9 Version: 4.9
Release: 14 Release: 15
Epoch: 2 Epoch: 2
License: BSD and GPLv2+ License: BSD and GPLv2+
Summary: Tools for managing accounts and shadow password files Summary: Tools for managing accounts and shadow password files
@ -94,6 +94,8 @@ Patch74: backport-newgrp-fix-potential-string-injection.patch
Patch75: shadow-Remove-encrypted-passwd-for-useradd-gr.patch Patch75: shadow-Remove-encrypted-passwd-for-useradd-gr.patch
Patch76: backport-shadow-userdel-add-the-adaptation-to-the-busybox-ps-.patch Patch76: backport-shadow-userdel-add-the-adaptation-to-the-busybox-ps-.patch
Patch77: backport-lib-btrfs-avoid-NULL-dereference.patch Patch77: backport-lib-btrfs-avoid-NULL-dereference.patch
Patch78: backport-src-passwd.c-Switch-to-day-precision.patch
Patch79: backport-src-passwd-add-overflow-check.patch
BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
BuildRequires: libacl-devel, libattr-devel BuildRequires: libacl-devel, libattr-devel
@ -263,6 +265,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Sun Feb 4 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2:4.9-15
- backport some patches
* Thu Nov 9 2023 wangqingsan <wangqingsan@huawei.com> - 2:4.9-14 * Thu Nov 9 2023 wangqingsan <wangqingsan@huawei.com> - 2:4.9-14
- backport some patches - backport some patches