projects / scm / bb / tizen-distro.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 581ec5b)
tinylogin: fix segfault from crypt()
authorSaul Wold <sgw@linux.intel.com>
Fri, 5 Apr 2013 17:09:31 +0000 (10:09 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 5 Apr 2013 17:21:31 +0000 (18:21 +0100)
In glibc 2.17, crypt() now expects 2 valid chars for the seed or
it will error out and return a NULL. The tinylogin code took the
result from crypt directly into a strcmp() which caused a segfault

Tinylogin has been deperacted, busybox now has login support, I will
investigate using busybox login support for 1.5.

[YOCTO #4097]

(From OE-Core rev: 03034e0f5dff426ee7adaa2364082dd47c23260a)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch [new file with mode: 0644] patch | blob
meta/recipes-core/tinylogin/tinylogin_1.4.bb patch | blob | history

diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
new file mode 100644 (file)
index 0000000..0a24656
--- /dev/null
+++ b/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
@@ -0,0 +1,23 @@
+
+staring from glibc 2.17 the crypt() function will error out and return
+NULL if the seed or "correct" is invalid. The failure case for this is
+an unknown user which tinylogin assigns '!' for the password. crypt() 
+now expects a minimum of 2 valid characters. If we get a NULL return
+value from the crypt, assume we fail and return 0.
+
+Upstream-Status: Inappropriate [tinylogin depercated]
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+Index: tinylogin-1.4/libbb/correct_password.c
+===================================================================
+--- tinylogin-1.4.orig/libbb/correct_password.c
++++ tinylogin-1.4/libbb/correct_password.c
+@@ -74,5 +74,8 @@ int correct_password ( const struct pass
+       }
+       encrypted = crypt ( unencrypted, correct );
+       memset ( unencrypted, 0, xstrlen ( unencrypted ));
++        if ( !encrypted )
++              return 0;
++
+       return ( strcmp ( encrypted, correct ) == 0 ) ? 1 : 0;
+ }
diff --git a/meta/recipes-core/tinylogin/tinylogin_1.4.bb b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
index aaed92a..6e08011 100644 (file)
--- a/meta/recipes-core/tinylogin/tinylogin_1.4.bb
+++ b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
@@ -18,7 +18,9 @@ SRC_URI = "http://www.angstrom-distribution.org/unstable/sources/tinylogin-${PV}
        file://remove-index.patch \
        file://use_O2_option.patch \
        file://passwd_rotate_check.patch \
-       file://avoid_static.patch"
+       file://avoid_static.patch \
+        file://glibc_crypt_fix.patch \
+        "
 
 SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d"
 SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b"
Domain: SCM / BB;