author | Natanael Copa <ncopa@alpinelinux.org> | 2013-02-07 13:09:39 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-02-07 13:10:43 +0000 |
commit | a168c14a6f2f0d0343afc231865bf2af4271b924 (patch) | |
tree | 825256a76d1d892581e31d8ea066f19e5725acfb | |
parent | 69599cfb275022470e62ba8f074d7d0b489681fa (diff) | |
main/pam-pgsql: fix CVE-2013-0191
fixes #1606
(cherry picked from commit 5f0d8c570f2c0a4e6e9ac3fdec1d5b2bedebcbe5)
-rw-r--r-- | main/pam-pgsql/APKBUILD | 8 | ||||
-rw-r--r-- | main/pam-pgsql/CVE-2013-0191.patch | 11 |
2 files changed, 16 insertions, 3 deletions
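--- a/main/pam-pgsql/APKBUILD
+++ b/main/pam-pgsql/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=pam-pgsql
 pkgver=0.7.3.1
-pkgrel=1
+pkgrel=2
 pkgdesc="PAM module to authenticate using a PostgreSQL database"
 url="http://sourceforge.net/projects/pam-pgsql/"
 arch="all"
@@ -12,7 +12,8 @@ depends_dev=""
 makedepends="$depends_dev linux-pam-dev postgresql-dev libgcrypt-dev"
 install=""
 subpackages="$pkgname-doc"
-source="http://downloads.sourceforge.net/project/pam-pgsql/pam-pgsql/0.7/pam-pgsql-$pkgver.tar.gz"
+source="http://downloads.sourceforge.net/project/pam-pgsql/pam-pgsql/0.7/pam-pgsql-$pkgver.tar.gz
+CVE-2013-0191.patch"
 
 _builddir="$srcdir"/pam-pgsql-$pkgver
 prepare() {
@@ -39,4 +40,5 @@ package() {
 || return 1
 }
 
-md5sums="16cb40a16ee1f286906a0d5a90254731 pam-pgsql-0.7.3.1.tar.gz"
+md5sums="16cb40a16ee1f286906a0d5a90254731 pam-pgsql-0.7.3.1.tar.gz
+4a8640edb8eaee4456fa91ad8c22ab7f CVE-2013-0191.patch"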
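Review bot: Listing `CVE-2013-0191.patch` in `source=` only fetches and checksums the file; whether it is applied depends on the body of `prepare()`, which starts on the last context line of the second hunk and continues outside it. Please confirm that `prepare()` applies every `*.patch` entry from `$source` and aborts the build (`|| return 1`) when a patch fails to apply, otherwise the package would ship as `pkgrel=2` without the fix. A one-line comment above `source=`, for example `# CVE-2013-0191.patch: reject NULL stored password in src/backend_pgsql.c`, would also record why the patch is carried.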
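--- /dev/null
+++ b/main/pam-pgsql/CVE-2013-0191.patch
@@ -0,0 +1,11 @@
+--- ./src/backend_pgsql.c.orig 2013-02-07 13:06:48.982679657 +0000
++++ ./src/backend_pgsql.c 2013-02-07 13:09:00.973830056 +0000
+@@ -258,7 +258,7 @@
+if(pg_execParam(conn, &res, options->query_auth, service, user, passwd, rhost) == PAM_SUCCESS) {
+if(PQntuples(res) == 0) {
+rc = PAM_USER_UNKNOWN;
+- } else {
++ } else if (!PQgetisnull(res, 0, 0)) {
+char *stored_pw = PQgetvalue(res, 0, 0);
+if (!strcmp(stored_pw, (tmp = password_encrypt(options, user, passwd, stored_pw)))) rc = PAM_SUCCESS;
+free (tmp);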
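Review bot: When the stored password column is NULL, the new `else if (!PQgetisnull(res, 0, 0))` falls through without assigning `rc`, so denying the login depends on `rc` having been initialised to a failure code earlier in the function, and that initialisation is outside the hunk. I would make the denial explicit with a trailing `else { rc = PAM_AUTH_ERR; }` so the fail-closed behaviour does not depend on distant code. Separately, `strcmp()` is handed the return value of `password_encrypt()` directly; if that helper can return NULL (not visible here) the comparison is undefined behaviour, so a `tmp != NULL &&` guard in front of the `strcmp` is worth adding. The enclosing function begins and ends outside the hunk, so both points should be checked against the full source.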