Page:
Errata 2023 06 27 b
Pages
Errata 2011 11 08
Errata 2013 03 04
Errata 2014 02 26
Errata 2014 06 02
Errata 2014 10 22
Errata 2017 01 18
Errata 2017 02 19
Errata 2019 02 22
Errata 2023 06 27 a
Errata 2023 06 27 b
Errata
History
Home
MigrationToSubversionAndTrac
ObtainingAndInstalling
Releases Calamite
Releases Caliopsis
Releases Cantaloupe
Releases Celandine
Releases Centaury
Releases Checklist
Releases Cinchona
Releases Cineraria
Releases Cinnamon
Releases Cinquefoil
Releases Citronella
Releases Cyclamen
Releases Daffodil
Releases Dianthus
Releases Digitalis
Releases Dogwood
Releases Eelgrass
Releases Feterita
Releases Figwort
Releases Hydrangea
Releases Lycopsida
Releases Micrampelis
Releases Nummularia
Releases Ourouparia
Releases Radula
Releases Resedacea
Releases Tabebuia
Releases Ximenia
Releases
3
Errata 2023 06 27 b
Dag-Erling Smørgrav edited this page 2023-06-27 17:13:16 +00:00
Table of Contents
Errata: Buffer overrun in openpam_subst()
Date:: 2023-06-27
Affects:: All releases prior to Ximenia
Description:: If the template ends in a % character, openpam_subst(3) will read past the end.
Workaround:: Ensure that the user prompt (see pam_get_user(3) manual page for details) does not end in a % character.
Fix:: Upgrade to OpenPAM Ximenia. If you are unable or unwilling to upgrade, apply the following patch:
--- lib/libpam/openpam_subst.c.orig
+++ lib/libpam/openpam_subst.c
@@ -104,7 +104,8 @@ openpam_subst(const pam_handle_t *pamh,
subst_char('%');
subst_char(*template);
}
- ++template;
+ if (*template)
+ ++template;
} else {
subst_char(*template++);
}