diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2013-02-07 13:09:39 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-02-07 13:10:43 +0000 |
| commit | a168c14a6f2f0d0343afc231865bf2af4271b924 (patch) | |
| tree | 825256a76d1d892581e31d8ea066f19e5725acfb | |
| parent | 69599cfb275022470e62ba8f074d7d0b489681fa (diff) | |
| download | alpine_aports-a168c14a6f2f0d0343afc231865bf2af4271b924.tar.bz2 alpine_aports-a168c14a6f2f0d0343afc231865bf2af4271b924.tar.xz alpine_aports-a168c14a6f2f0d0343afc231865bf2af4271b924.zip | |
main/pam-pgsql: fix CVE-2013-0191
fixes #1606
(cherry picked from commit 5f0d8c570f2c0a4e6e9ac3fdec1d5b2bedebcbe5)
| -rw-r--r-- | main/pam-pgsql/APKBUILD | 8 | ||||
| -rw-r--r-- | main/pam-pgsql/CVE-2013-0191.patch | 11 |
2 files changed, 16 insertions, 3 deletions
diff --git a/main/pam-pgsql/APKBUILD b/main/pam-pgsql/APKBUILD index 771d4f1954..a085bf5aed 100644 --- a/main/pam-pgsql/APKBUILD +++ b/main/pam-pgsql/APKBUILD | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 2 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
| 3 | pkgname=pam-pgsql | 3 | pkgname=pam-pgsql |
| 4 | pkgver=0.7.3.1 | 4 | pkgver=0.7.3.1 |
| 5 | pkgrel=1 | 5 | pkgrel=2 |
| 6 | pkgdesc="PAM module to authenticate using a PostgreSQL database" | 6 | pkgdesc="PAM module to authenticate using a PostgreSQL database" |
| 7 | url="http://sourceforge.net/projects/pam-pgsql/" | 7 | url="http://sourceforge.net/projects/pam-pgsql/" |
| 8 | arch="all" | 8 | arch="all" |
| @@ -12,7 +12,8 @@ depends_dev="" | |||
| 12 | makedepends="$depends_dev linux-pam-dev postgresql-dev libgcrypt-dev" | 12 | makedepends="$depends_dev linux-pam-dev postgresql-dev libgcrypt-dev" |
| 13 | install="" | 13 | install="" |
| 14 | subpackages="$pkgname-doc" | 14 | subpackages="$pkgname-doc" |
| 15 | source="http://downloads.sourceforge.net/project/pam-pgsql/pam-pgsql/0.7/pam-pgsql-$pkgver.tar.gz" | 15 | source="http://downloads.sourceforge.net/project/pam-pgsql/pam-pgsql/0.7/pam-pgsql-$pkgver.tar.gz |
| 16 | CVE-2013-0191.patch" | ||
| 16 | 17 | ||
| 17 | _builddir="$srcdir"/pam-pgsql-$pkgver | 18 | _builddir="$srcdir"/pam-pgsql-$pkgver |
| 18 | prepare() { | 19 | prepare() { |
| @@ -39,4 +40,5 @@ package() { | |||
| 39 | || return 1 | 40 | || return 1 |
| 40 | } | 41 | } |
| 41 | 42 | ||
| 42 | md5sums="16cb40a16ee1f286906a0d5a90254731 pam-pgsql-0.7.3.1.tar.gz" | 43 | md5sums="16cb40a16ee1f286906a0d5a90254731 pam-pgsql-0.7.3.1.tar.gz |
| 44 | 4a8640edb8eaee4456fa91ad8c22ab7f CVE-2013-0191.patch" | ||
diff --git a/main/pam-pgsql/CVE-2013-0191.patch b/main/pam-pgsql/CVE-2013-0191.patch new file mode 100644 index 0000000000..d03fc30822 --- /dev/null +++ b/main/pam-pgsql/CVE-2013-0191.patch | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | --- ./src/backend_pgsql.c.orig 2013-02-07 13:06:48.982679657 +0000 | ||
| 2 | +++ ./src/backend_pgsql.c 2013-02-07 13:09:00.973830056 +0000 | ||
| 3 | @@ -258,7 +258,7 @@ | ||
| 4 | if(pg_execParam(conn, &res, options->query_auth, service, user, passwd, rhost) == PAM_SUCCESS) { | ||
| 5 | if(PQntuples(res) == 0) { | ||
| 6 | rc = PAM_USER_UNKNOWN; | ||
| 7 | - } else { | ||
| 8 | + } else if (!PQgetisnull(res, 0, 0)) { | ||
| 9 | char *stored_pw = PQgetvalue(res, 0, 0); | ||
| 10 | if (!strcmp(stored_pw, (tmp = password_encrypt(options, user, passwd, stored_pw)))) rc = PAM_SUCCESS; | ||
| 11 | free (tmp); | ||