Date: Monday, June 16, 2014 @ 12:42:57 Author: tpowa Revision: 215193
archrelease: copy trunk to extra-i686, extra-x86_64 Added: cifs-utils/repos/extra-i686/0003-cifskey-better-use-snprintf.patch (from rev 215192, cifs-utils/trunk/0003-cifskey-better-use-snprintf.patch) cifs-utils/repos/extra-i686/0004-cifscreds-better-error-handling-when-key_search-fail.patch (from rev 215192, cifs-utils/trunk/0004-cifscreds-better-error-handling-when-key_search-fail.patch) cifs-utils/repos/extra-i686/0005-cifscreds-better-error-handling-for-key_add.patch (from rev 215192, cifs-utils/trunk/0005-cifscreds-better-error-handling-for-key_add.patch) cifs-utils/repos/extra-i686/PKGBUILD (from rev 215192, cifs-utils/trunk/PKGBUILD) cifs-utils/repos/extra-i686/fix-5.9-credentials.patch (from rev 215192, cifs-utils/trunk/fix-5.9-credentials.patch) cifs-utils/repos/extra-x86_64/0003-cifskey-better-use-snprintf.patch (from rev 215192, cifs-utils/trunk/0003-cifskey-better-use-snprintf.patch) cifs-utils/repos/extra-x86_64/0004-cifscreds-better-error-handling-when-key_search-fail.patch (from rev 215192, cifs-utils/trunk/0004-cifscreds-better-error-handling-when-key_search-fail.patch) cifs-utils/repos/extra-x86_64/0005-cifscreds-better-error-handling-for-key_add.patch (from rev 215192, cifs-utils/trunk/0005-cifscreds-better-error-handling-for-key_add.patch) cifs-utils/repos/extra-x86_64/PKGBUILD (from rev 215192, cifs-utils/trunk/PKGBUILD) cifs-utils/repos/extra-x86_64/fix-5.9-credentials.patch (from rev 215192, cifs-utils/trunk/fix-5.9-credentials.patch) Deleted: cifs-utils/repos/extra-i686/PKGBUILD cifs-utils/repos/extra-i686/fix-5.9-credentials.patch cifs-utils/repos/extra-x86_64/PKGBUILD cifs-utils/repos/extra-x86_64/fix-5.9-credentials.patch ------------------------------------------------------------------------------+ /PKGBUILD | 90 ++++++++ /fix-5.9-credentials.patch | 32 +++ extra-i686/0003-cifskey-better-use-snprintf.patch | 49 ++++ extra-i686/0004-cifscreds-better-error-handling-when-key_search-fail.patch | 85 ++++++++ extra-i686/0005-cifscreds-better-error-handling-for-key_add.patch | 102 ++++++++++ extra-i686/PKGBUILD | 30 -- extra-i686/fix-5.9-credentials.patch | 16 - extra-x86_64/0003-cifskey-better-use-snprintf.patch | 49 ++++ extra-x86_64/0004-cifscreds-better-error-handling-when-key_search-fail.patch | 85 ++++++++ extra-x86_64/0005-cifscreds-better-error-handling-for-key_add.patch | 102 ++++++++++ extra-x86_64/PKGBUILD | 30 -- extra-x86_64/fix-5.9-credentials.patch | 16 - 12 files changed, 594 insertions(+), 92 deletions(-) Copied: cifs-utils/repos/extra-i686/0003-cifskey-better-use-snprintf.patch (from rev 215192, cifs-utils/trunk/0003-cifskey-better-use-snprintf.patch) =================================================================== --- extra-i686/0003-cifskey-better-use-snprintf.patch (rev 0) +++ extra-i686/0003-cifskey-better-use-snprintf.patch 2014-06-16 10:42:57 UTC (rev 215193) @@ -0,0 +1,49 @@ +From 0c521d5060035da655107001374e08873ac5dde8 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer <krah...@suse.de> +Date: Mon, 14 Apr 2014 11:39:41 +0200 +Subject: [PATCH] cifskey: better use snprintf() + +Prefer snprintf() over sprintf() in cifskey.c +Projects that fork the code (pam_cifscreds) can't rely on +the max-size parameters. + +[jlayton: removed unneeded initialization of "len" in key_add] + +Signed-off-by: Sebastian Krahmer <krah...@suse.de> +--- + cifskey.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/cifskey.c b/cifskey.c +index 7716c42..e89cacf 100644 +--- a/cifskey.c ++++ b/cifskey.c +@@ -29,7 +29,8 @@ key_search(const char *addr, char keytype) + { + char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4]; + +- sprintf(desc, "%s:%c:%s", KEY_PREFIX, keytype, addr); ++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) ++ return -1; + + return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0); + } +@@ -43,10 +44,13 @@ key_add(const char *addr, const char *user, const char *pass, char keytype) + char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2]; + + /* set key description */ +- sprintf(desc, "%s:%c:%s", KEY_PREFIX, keytype, addr); ++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) ++ return -1; + + /* set payload contents */ +- len = sprintf(val, "%s:%s", user, pass); ++ len = snprintf(val, sizeof(val), "%s:%s", user, pass); ++ if (len >= (int)sizeof(val)) ++ return -1; + + return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING); + } +-- +1.8.4.2 + Copied: cifs-utils/repos/extra-i686/0004-cifscreds-better-error-handling-when-key_search-fail.patch (from rev 215192, cifs-utils/trunk/0004-cifscreds-better-error-handling-when-key_search-fail.patch) =================================================================== --- extra-i686/0004-cifscreds-better-error-handling-when-key_search-fail.patch (rev 0) +++ extra-i686/0004-cifscreds-better-error-handling-when-key_search-fail.patch 2014-06-16 10:42:57 UTC (rev 215193) @@ -0,0 +1,85 @@ +From 3da4c43b575498be86c87a2ac3f3142e3cab1c59 Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlay...@samba.org> +Date: Sun, 20 Apr 2014 20:41:05 -0400 +Subject: [PATCH] cifscreds: better error handling when key_search fails + +If we ended up getting a bogus string that would have overflowed, then +make key_search set errno to EINVAL before returning. The callers can +then test to see if the returned error is what was expected or something +else and handle it appropriately. + +Cc: Sebastian Krahmer <krah...@suse.de> +Signed-off-by: Jeff Layton <jlay...@samba.org> +--- + cifscreds.c | 9 +++++++++ + cifskey.c | 5 ++++- + pam_cifscreds.c | 9 +++++++++ + 3 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/cifscreds.c b/cifscreds.c +index fa05dc8..64d55b0 100644 +--- a/cifscreds.c ++++ b/cifscreds.c +@@ -188,6 +188,15 @@ static int cifscreds_add(struct cmdarg *arg) + return EXIT_FAILURE; + } + ++ switch(errno) { ++ case ENOKEY: ++ /* success */ ++ break; ++ default: ++ printf("Key search failed: %s\n", strerror(errno)); ++ return EXIT_FAILURE; ++ } ++ + currentaddress = nextaddress; + if (currentaddress) { + *(currentaddress - 1) = ','; +diff --git a/cifskey.c b/cifskey.c +index e89cacf..4f01ed0 100644 +--- a/cifskey.c ++++ b/cifskey.c +@@ -20,6 +20,7 @@ + #include <sys/types.h> + #include <keyutils.h> + #include <stdio.h> ++#include <errno.h> + #include "cifskey.h" + #include "resolve_host.h" + +@@ -29,8 +30,10 @@ key_search(const char *addr, char keytype) + { + char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4]; + +- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) ++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) { ++ errno = EINVAL; + return -1; ++ } + + return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0); + } +diff --git a/pam_cifscreds.c b/pam_cifscreds.c +index e0d8a55..fb23117 100644 +--- a/pam_cifscreds.c ++++ b/pam_cifscreds.c +@@ -206,6 +206,15 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas + return PAM_SERVICE_ERR; + } + ++ switch(errno) { ++ case ENOKEY: ++ break; ++ default: ++ pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)", ++ currentaddress, strerror(errno)); ++ return PAM_SERVICE_ERR; ++ } ++ + currentaddress = nextaddress; + if (currentaddress) { + *(currentaddress - 1) = ','; +-- +1.8.4.2 + Copied: cifs-utils/repos/extra-i686/0005-cifscreds-better-error-handling-for-key_add.patch (from rev 215192, cifs-utils/trunk/0005-cifscreds-better-error-handling-for-key_add.patch) =================================================================== --- extra-i686/0005-cifscreds-better-error-handling-for-key_add.patch (rev 0) +++ extra-i686/0005-cifscreds-better-error-handling-for-key_add.patch 2014-06-16 10:42:57 UTC (rev 215193) @@ -0,0 +1,102 @@ +From 382ec63757c1d8d4d399d17ccc927c4897d4cfc9 Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlay...@samba.org> +Date: Sun, 20 Apr 2014 20:41:05 -0400 +Subject: [PATCH] cifscreds: better error handling for key_add + +If the string buffers would have been overrun, set errno to EINVAL +before returning. Then, have the callers report the errors to +stderr or syslog as appropriate. + +Cc: Sebastian Krahmer <krah...@suse.de> +Signed-off-by: Jeff Layton <jlay...@samba.org> +--- + cifscreds.c | 6 +++--- + cifskey.c | 8 ++++++-- + pam_cifscreds.c | 9 +++++---- + 3 files changed, 14 insertions(+), 9 deletions(-) + +diff --git a/cifscreds.c b/cifscreds.c +index 64d55b0..5d84c3c 100644 +--- a/cifscreds.c ++++ b/cifscreds.c +@@ -220,8 +220,8 @@ static int cifscreds_add(struct cmdarg *arg) + while (currentaddress) { + key_serial_t key = key_add(currentaddress, arg->user, pass, arg->keytype); + if (key <= 0) { +- fprintf(stderr, "error: Add credential key for %s\n", +- currentaddress); ++ fprintf(stderr, "error: Add credential key for %s: %s\n", ++ currentaddress, strerror(errno)); + } else { + if (keyctl(KEYCTL_SETPERM, key, CIFS_KEY_PERMS) < 0) { + fprintf(stderr, "error: Setting permissons " +@@ -422,7 +422,7 @@ static int cifscreds_update(struct cmdarg *arg) + key_serial_t key = key_add(addrs[id], arg->user, pass, arg->keytype); + if (key <= 0) + fprintf(stderr, "error: Update credential key " +- "for %s\n", addrs[id]); ++ "for %s: %s\n", addrs[id], strerror(errno)); + } + + return EXIT_SUCCESS; +diff --git a/cifskey.c b/cifskey.c +index 4f01ed0..919540f 100644 +--- a/cifskey.c ++++ b/cifskey.c +@@ -47,13 +47,17 @@ key_add(const char *addr, const char *user, const char *pass, char keytype) + char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2]; + + /* set key description */ +- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) ++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) { ++ errno = EINVAL; + return -1; ++ } + + /* set payload contents */ + len = snprintf(val, sizeof(val), "%s:%s", user, pass); +- if (len >= (int)sizeof(val)) ++ if (len >= (int)sizeof(val)) { ++ errno = EINVAL; + return -1; ++ } + + return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING); + } +diff --git a/pam_cifscreds.c b/pam_cifscreds.c +index fb23117..5d99c2d 100644 +--- a/pam_cifscreds.c ++++ b/pam_cifscreds.c +@@ -208,6 +208,7 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas + + switch(errno) { + case ENOKEY: ++ /* success */ + break; + default: + pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)", +@@ -233,8 +234,8 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas + while (currentaddress) { + key_serial_t key = key_add(currentaddress, user, password, keytype); + if (key <= 0) { +- pam_syslog(ph, LOG_ERR, "error: Add credential key for %s", +- currentaddress); ++ pam_syslog(ph, LOG_ERR, "error: Add credential key for %s: %s", ++ currentaddress, strerror(errno)); + } else { + if ((args & ARG_DEBUG) == ARG_DEBUG) { + pam_syslog(ph, LOG_DEBUG, "credential key for \\\\%s\\%s added", +@@ -336,8 +337,8 @@ static int cifscreds_pam_update(pam_handle_t *ph, const char *user, const char * + for (id = 0; id < count; id++) { + key_serial_t key = key_add(currentaddress, user, password, keytype); + if (key <= 0) { +- pam_syslog(ph, LOG_ERR, "error: Update credential key for %s", +- currentaddress); ++ pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s", ++ currentaddress, strerror(errno)); + } + } + +-- +1.8.4.2 + Deleted: extra-i686/PKGBUILD =================================================================== --- extra-i686/PKGBUILD 2014-06-16 10:42:46 UTC (rev 215192) +++ extra-i686/PKGBUILD 2014-06-16 10:42:57 UTC (rev 215193) @@ -1,30 +0,0 @@ -# $Id$ -# Maintainer: Tobias Powalowski <tp...@archlinux.org> -pkgname=cifs-utils -pkgver=6.3 -pkgrel=1 -pkgdesc="CIFS filesystem user-space tools" -arch=(i686 x86_64) -url="http://wiki.samba.org/index.php/LinuxCIFS_utils" -license=('GPL') -depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam') -source=(ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/$pkgname-$pkgver.tar.bz2) - -build() { - cd "$srcdir/$pkgname-$pkgver" - # systemd support is broken in mount.cifs - # https://bugs.archlinux.org/task/30958 - ./configure --prefix=/usr --sbindir=/usr/bin --disable-systemd - make -} - -package() { - cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir" ROOTSBINDIR=/usr/bin install - mkdir -p $pkgdir/etc/request-key.d - install -m 644 contrib/request-key.d/cifs.idmap.conf $pkgdir/etc/request-key.d - install -m 644 contrib/request-key.d/cifs.spnego.conf $pkgdir/etc/request-key.d - # set mount.cifs uid, to enable none root mounting form fstab - chmod +s $pkgdir/usr/bin/mount.cifs -} -md5sums=('93697dbc043cb4d5c66e15e281f872e5') Copied: cifs-utils/repos/extra-i686/PKGBUILD (from rev 215192, cifs-utils/trunk/PKGBUILD) =================================================================== --- extra-i686/PKGBUILD (rev 0) +++ extra-i686/PKGBUILD 2014-06-16 10:42:57 UTC (rev 215193) @@ -0,0 +1,45 @@ +# $Id$ +# Maintainer: Tobias Powalowski <tp...@archlinux.org> +pkgname=cifs-utils +pkgver=6.3 +pkgrel=2 +pkgdesc="CIFS filesystem user-space tools" +arch=(i686 x86_64) +url="http://wiki.samba.org/index.php/LinuxCIFS_utils" +license=('GPL') +depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam') +source=(ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/$pkgname-$pkgver.tar.bz2 + '0003-cifskey-better-use-snprintf.patch' + '0004-cifscreds-better-error-handling-when-key_search-fail.patch' + '0005-cifscreds-better-error-handling-for-key_add.patch') + +prepare() { + cd "$srcdir/$pkgname-$pkgver" + # add fedora patches + # 40789 CVE-2014-2830 + patch -Np1 -i "$srcdir/0003-cifskey-better-use-snprintf.patch" + patch -Np1 -i "$srcdir/0004-cifscreds-better-error-handling-when-key_search-fail.patch" + patch -Np1 -i "$srcdir/0005-cifscreds-better-error-handling-for-key_add.patch" +} + +build() { + cd "$srcdir/$pkgname-$pkgver" + # systemd support is broken in mount.cifs + # https://bugs.archlinux.org/task/30958 + ./configure --prefix=/usr --sbindir=/usr/bin --disable-systemd + make +} + +package() { + cd "$srcdir/$pkgname-$pkgver" + make DESTDIR="$pkgdir" ROOTSBINDIR=/usr/bin install + mkdir -p $pkgdir/etc/request-key.d + install -m 644 contrib/request-key.d/cifs.idmap.conf $pkgdir/etc/request-key.d + install -m 644 contrib/request-key.d/cifs.spnego.conf $pkgdir/etc/request-key.d + # set mount.cifs uid, to enable none root mounting form fstab + chmod +s $pkgdir/usr/bin/mount.cifs +} +md5sums=('93697dbc043cb4d5c66e15e281f872e5' + 'cc13c6d1b734a446d0f4384e0ce32748' + '350491f336dc931f9b192228909e5924' + 'ac2b3367363fbc79f8f7fdfcae008a8c') Deleted: extra-i686/fix-5.9-credentials.patch =================================================================== --- extra-i686/fix-5.9-credentials.patch 2014-06-16 10:42:46 UTC (rev 215192) +++ extra-i686/fix-5.9-credentials.patch 2014-06-16 10:42:57 UTC (rev 215193) @@ -1,16 +0,0 @@ -X-Git-Url: https://git.samba.org/?p=cifs-utils.git;a=blobdiff_plain;f=mount.cifs.c;h=40b77e92e3f734c606f522ccf279a0508ad64eab;hp=c7c3055cb890764937193b1d50d1f0fb7ae18826;hb=1a01f7c4b90695211d12291d7a24bec05b1f2922;hpb=739289ad3ce915e1ee2705ecd7ac4e907cd91405 - -diff --git a/mount.cifs.c b/mount.cifs.c -index c7c3055..40b77e9 100644 ---- a/mount.cifs.c -+++ b/mount.cifs.c -@@ -581,7 +581,8 @@ static int open_cred_file(char *file_name, - switch (parse_cred_line(line_buf + i, &temp_val)) { - case CRED_USER: - strlcpy(parsed_info->username, temp_val, -- sizeof(parsed_info->domain)); -+ sizeof(parsed_info->username)); -+ parsed_info->got_user = 1; - break; - case CRED_PASS: - i = set_password(parsed_info, temp_val); Copied: cifs-utils/repos/extra-i686/fix-5.9-credentials.patch (from rev 215192, cifs-utils/trunk/fix-5.9-credentials.patch) =================================================================== --- extra-i686/fix-5.9-credentials.patch (rev 0) +++ extra-i686/fix-5.9-credentials.patch 2014-06-16 10:42:57 UTC (rev 215193) @@ -0,0 +1,16 @@ +X-Git-Url: https://git.samba.org/?p=cifs-utils.git;a=blobdiff_plain;f=mount.cifs.c;h=40b77e92e3f734c606f522ccf279a0508ad64eab;hp=c7c3055cb890764937193b1d50d1f0fb7ae18826;hb=1a01f7c4b90695211d12291d7a24bec05b1f2922;hpb=739289ad3ce915e1ee2705ecd7ac4e907cd91405 + +diff --git a/mount.cifs.c b/mount.cifs.c +index c7c3055..40b77e9 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -581,7 +581,8 @@ static int open_cred_file(char *file_name, + switch (parse_cred_line(line_buf + i, &temp_val)) { + case CRED_USER: + strlcpy(parsed_info->username, temp_val, +- sizeof(parsed_info->domain)); ++ sizeof(parsed_info->username)); ++ parsed_info->got_user = 1; + break; + case CRED_PASS: + i = set_password(parsed_info, temp_val); Copied: cifs-utils/repos/extra-x86_64/0003-cifskey-better-use-snprintf.patch (from rev 215192, cifs-utils/trunk/0003-cifskey-better-use-snprintf.patch) =================================================================== --- extra-x86_64/0003-cifskey-better-use-snprintf.patch (rev 0) +++ extra-x86_64/0003-cifskey-better-use-snprintf.patch 2014-06-16 10:42:57 UTC (rev 215193) @@ -0,0 +1,49 @@ +From 0c521d5060035da655107001374e08873ac5dde8 Mon Sep 17 00:00:00 2001 +From: Sebastian Krahmer <krah...@suse.de> +Date: Mon, 14 Apr 2014 11:39:41 +0200 +Subject: [PATCH] cifskey: better use snprintf() + +Prefer snprintf() over sprintf() in cifskey.c +Projects that fork the code (pam_cifscreds) can't rely on +the max-size parameters. + +[jlayton: removed unneeded initialization of "len" in key_add] + +Signed-off-by: Sebastian Krahmer <krah...@suse.de> +--- + cifskey.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/cifskey.c b/cifskey.c +index 7716c42..e89cacf 100644 +--- a/cifskey.c ++++ b/cifskey.c +@@ -29,7 +29,8 @@ key_search(const char *addr, char keytype) + { + char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4]; + +- sprintf(desc, "%s:%c:%s", KEY_PREFIX, keytype, addr); ++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) ++ return -1; + + return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0); + } +@@ -43,10 +44,13 @@ key_add(const char *addr, const char *user, const char *pass, char keytype) + char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2]; + + /* set key description */ +- sprintf(desc, "%s:%c:%s", KEY_PREFIX, keytype, addr); ++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) ++ return -1; + + /* set payload contents */ +- len = sprintf(val, "%s:%s", user, pass); ++ len = snprintf(val, sizeof(val), "%s:%s", user, pass); ++ if (len >= (int)sizeof(val)) ++ return -1; + + return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING); + } +-- +1.8.4.2 + Copied: cifs-utils/repos/extra-x86_64/0004-cifscreds-better-error-handling-when-key_search-fail.patch (from rev 215192, cifs-utils/trunk/0004-cifscreds-better-error-handling-when-key_search-fail.patch) =================================================================== --- extra-x86_64/0004-cifscreds-better-error-handling-when-key_search-fail.patch (rev 0) +++ extra-x86_64/0004-cifscreds-better-error-handling-when-key_search-fail.patch 2014-06-16 10:42:57 UTC (rev 215193) @@ -0,0 +1,85 @@ +From 3da4c43b575498be86c87a2ac3f3142e3cab1c59 Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlay...@samba.org> +Date: Sun, 20 Apr 2014 20:41:05 -0400 +Subject: [PATCH] cifscreds: better error handling when key_search fails + +If we ended up getting a bogus string that would have overflowed, then +make key_search set errno to EINVAL before returning. The callers can +then test to see if the returned error is what was expected or something +else and handle it appropriately. + +Cc: Sebastian Krahmer <krah...@suse.de> +Signed-off-by: Jeff Layton <jlay...@samba.org> +--- + cifscreds.c | 9 +++++++++ + cifskey.c | 5 ++++- + pam_cifscreds.c | 9 +++++++++ + 3 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/cifscreds.c b/cifscreds.c +index fa05dc8..64d55b0 100644 +--- a/cifscreds.c ++++ b/cifscreds.c +@@ -188,6 +188,15 @@ static int cifscreds_add(struct cmdarg *arg) + return EXIT_FAILURE; + } + ++ switch(errno) { ++ case ENOKEY: ++ /* success */ ++ break; ++ default: ++ printf("Key search failed: %s\n", strerror(errno)); ++ return EXIT_FAILURE; ++ } ++ + currentaddress = nextaddress; + if (currentaddress) { + *(currentaddress - 1) = ','; +diff --git a/cifskey.c b/cifskey.c +index e89cacf..4f01ed0 100644 +--- a/cifskey.c ++++ b/cifskey.c +@@ -20,6 +20,7 @@ + #include <sys/types.h> + #include <keyutils.h> + #include <stdio.h> ++#include <errno.h> + #include "cifskey.h" + #include "resolve_host.h" + +@@ -29,8 +30,10 @@ key_search(const char *addr, char keytype) + { + char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4]; + +- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) ++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) { ++ errno = EINVAL; + return -1; ++ } + + return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0); + } +diff --git a/pam_cifscreds.c b/pam_cifscreds.c +index e0d8a55..fb23117 100644 +--- a/pam_cifscreds.c ++++ b/pam_cifscreds.c +@@ -206,6 +206,15 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas + return PAM_SERVICE_ERR; + } + ++ switch(errno) { ++ case ENOKEY: ++ break; ++ default: ++ pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)", ++ currentaddress, strerror(errno)); ++ return PAM_SERVICE_ERR; ++ } ++ + currentaddress = nextaddress; + if (currentaddress) { + *(currentaddress - 1) = ','; +-- +1.8.4.2 + Copied: cifs-utils/repos/extra-x86_64/0005-cifscreds-better-error-handling-for-key_add.patch (from rev 215192, cifs-utils/trunk/0005-cifscreds-better-error-handling-for-key_add.patch) =================================================================== --- extra-x86_64/0005-cifscreds-better-error-handling-for-key_add.patch (rev 0) +++ extra-x86_64/0005-cifscreds-better-error-handling-for-key_add.patch 2014-06-16 10:42:57 UTC (rev 215193) @@ -0,0 +1,102 @@ +From 382ec63757c1d8d4d399d17ccc927c4897d4cfc9 Mon Sep 17 00:00:00 2001 +From: Jeff Layton <jlay...@samba.org> +Date: Sun, 20 Apr 2014 20:41:05 -0400 +Subject: [PATCH] cifscreds: better error handling for key_add + +If the string buffers would have been overrun, set errno to EINVAL +before returning. Then, have the callers report the errors to +stderr or syslog as appropriate. + +Cc: Sebastian Krahmer <krah...@suse.de> +Signed-off-by: Jeff Layton <jlay...@samba.org> +--- + cifscreds.c | 6 +++--- + cifskey.c | 8 ++++++-- + pam_cifscreds.c | 9 +++++---- + 3 files changed, 14 insertions(+), 9 deletions(-) + +diff --git a/cifscreds.c b/cifscreds.c +index 64d55b0..5d84c3c 100644 +--- a/cifscreds.c ++++ b/cifscreds.c +@@ -220,8 +220,8 @@ static int cifscreds_add(struct cmdarg *arg) + while (currentaddress) { + key_serial_t key = key_add(currentaddress, arg->user, pass, arg->keytype); + if (key <= 0) { +- fprintf(stderr, "error: Add credential key for %s\n", +- currentaddress); ++ fprintf(stderr, "error: Add credential key for %s: %s\n", ++ currentaddress, strerror(errno)); + } else { + if (keyctl(KEYCTL_SETPERM, key, CIFS_KEY_PERMS) < 0) { + fprintf(stderr, "error: Setting permissons " +@@ -422,7 +422,7 @@ static int cifscreds_update(struct cmdarg *arg) + key_serial_t key = key_add(addrs[id], arg->user, pass, arg->keytype); + if (key <= 0) + fprintf(stderr, "error: Update credential key " +- "for %s\n", addrs[id]); ++ "for %s: %s\n", addrs[id], strerror(errno)); + } + + return EXIT_SUCCESS; +diff --git a/cifskey.c b/cifskey.c +index 4f01ed0..919540f 100644 +--- a/cifskey.c ++++ b/cifskey.c +@@ -47,13 +47,17 @@ key_add(const char *addr, const char *user, const char *pass, char keytype) + char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2]; + + /* set key description */ +- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) ++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) { ++ errno = EINVAL; + return -1; ++ } + + /* set payload contents */ + len = snprintf(val, sizeof(val), "%s:%s", user, pass); +- if (len >= (int)sizeof(val)) ++ if (len >= (int)sizeof(val)) { ++ errno = EINVAL; + return -1; ++ } + + return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING); + } +diff --git a/pam_cifscreds.c b/pam_cifscreds.c +index fb23117..5d99c2d 100644 +--- a/pam_cifscreds.c ++++ b/pam_cifscreds.c +@@ -208,6 +208,7 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas + + switch(errno) { + case ENOKEY: ++ /* success */ + break; + default: + pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)", +@@ -233,8 +234,8 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas + while (currentaddress) { + key_serial_t key = key_add(currentaddress, user, password, keytype); + if (key <= 0) { +- pam_syslog(ph, LOG_ERR, "error: Add credential key for %s", +- currentaddress); ++ pam_syslog(ph, LOG_ERR, "error: Add credential key for %s: %s", ++ currentaddress, strerror(errno)); + } else { + if ((args & ARG_DEBUG) == ARG_DEBUG) { + pam_syslog(ph, LOG_DEBUG, "credential key for \\\\%s\\%s added", +@@ -336,8 +337,8 @@ static int cifscreds_pam_update(pam_handle_t *ph, const char *user, const char * + for (id = 0; id < count; id++) { + key_serial_t key = key_add(currentaddress, user, password, keytype); + if (key <= 0) { +- pam_syslog(ph, LOG_ERR, "error: Update credential key for %s", +- currentaddress); ++ pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s", ++ currentaddress, strerror(errno)); + } + } + +-- +1.8.4.2 + Deleted: extra-x86_64/PKGBUILD =================================================================== --- extra-x86_64/PKGBUILD 2014-06-16 10:42:46 UTC (rev 215192) +++ extra-x86_64/PKGBUILD 2014-06-16 10:42:57 UTC (rev 215193) @@ -1,30 +0,0 @@ -# $Id$ -# Maintainer: Tobias Powalowski <tp...@archlinux.org> -pkgname=cifs-utils -pkgver=6.3 -pkgrel=1 -pkgdesc="CIFS filesystem user-space tools" -arch=(i686 x86_64) -url="http://wiki.samba.org/index.php/LinuxCIFS_utils" -license=('GPL') -depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam') -source=(ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/$pkgname-$pkgver.tar.bz2) - -build() { - cd "$srcdir/$pkgname-$pkgver" - # systemd support is broken in mount.cifs - # https://bugs.archlinux.org/task/30958 - ./configure --prefix=/usr --sbindir=/usr/bin --disable-systemd - make -} - -package() { - cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir" ROOTSBINDIR=/usr/bin install - mkdir -p $pkgdir/etc/request-key.d - install -m 644 contrib/request-key.d/cifs.idmap.conf $pkgdir/etc/request-key.d - install -m 644 contrib/request-key.d/cifs.spnego.conf $pkgdir/etc/request-key.d - # set mount.cifs uid, to enable none root mounting form fstab - chmod +s $pkgdir/usr/bin/mount.cifs -} -md5sums=('93697dbc043cb4d5c66e15e281f872e5') Copied: cifs-utils/repos/extra-x86_64/PKGBUILD (from rev 215192, cifs-utils/trunk/PKGBUILD) =================================================================== --- extra-x86_64/PKGBUILD (rev 0) +++ extra-x86_64/PKGBUILD 2014-06-16 10:42:57 UTC (rev 215193) @@ -0,0 +1,45 @@ +# $Id$ +# Maintainer: Tobias Powalowski <tp...@archlinux.org> +pkgname=cifs-utils +pkgver=6.3 +pkgrel=2 +pkgdesc="CIFS filesystem user-space tools" +arch=(i686 x86_64) +url="http://wiki.samba.org/index.php/LinuxCIFS_utils" +license=('GPL') +depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam') +source=(ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/$pkgname-$pkgver.tar.bz2 + '0003-cifskey-better-use-snprintf.patch' + '0004-cifscreds-better-error-handling-when-key_search-fail.patch' + '0005-cifscreds-better-error-handling-for-key_add.patch') + +prepare() { + cd "$srcdir/$pkgname-$pkgver" + # add fedora patches + # 40789 CVE-2014-2830 + patch -Np1 -i "$srcdir/0003-cifskey-better-use-snprintf.patch" + patch -Np1 -i "$srcdir/0004-cifscreds-better-error-handling-when-key_search-fail.patch" + patch -Np1 -i "$srcdir/0005-cifscreds-better-error-handling-for-key_add.patch" +} + +build() { + cd "$srcdir/$pkgname-$pkgver" + # systemd support is broken in mount.cifs + # https://bugs.archlinux.org/task/30958 + ./configure --prefix=/usr --sbindir=/usr/bin --disable-systemd + make +} + +package() { + cd "$srcdir/$pkgname-$pkgver" + make DESTDIR="$pkgdir" ROOTSBINDIR=/usr/bin install + mkdir -p $pkgdir/etc/request-key.d + install -m 644 contrib/request-key.d/cifs.idmap.conf $pkgdir/etc/request-key.d + install -m 644 contrib/request-key.d/cifs.spnego.conf $pkgdir/etc/request-key.d + # set mount.cifs uid, to enable none root mounting form fstab + chmod +s $pkgdir/usr/bin/mount.cifs +} +md5sums=('93697dbc043cb4d5c66e15e281f872e5' + 'cc13c6d1b734a446d0f4384e0ce32748' + '350491f336dc931f9b192228909e5924' + 'ac2b3367363fbc79f8f7fdfcae008a8c') Deleted: extra-x86_64/fix-5.9-credentials.patch =================================================================== --- extra-x86_64/fix-5.9-credentials.patch 2014-06-16 10:42:46 UTC (rev 215192) +++ extra-x86_64/fix-5.9-credentials.patch 2014-06-16 10:42:57 UTC (rev 215193) @@ -1,16 +0,0 @@ -X-Git-Url: https://git.samba.org/?p=cifs-utils.git;a=blobdiff_plain;f=mount.cifs.c;h=40b77e92e3f734c606f522ccf279a0508ad64eab;hp=c7c3055cb890764937193b1d50d1f0fb7ae18826;hb=1a01f7c4b90695211d12291d7a24bec05b1f2922;hpb=739289ad3ce915e1ee2705ecd7ac4e907cd91405 - -diff --git a/mount.cifs.c b/mount.cifs.c -index c7c3055..40b77e9 100644 ---- a/mount.cifs.c -+++ b/mount.cifs.c -@@ -581,7 +581,8 @@ static int open_cred_file(char *file_name, - switch (parse_cred_line(line_buf + i, &temp_val)) { - case CRED_USER: - strlcpy(parsed_info->username, temp_val, -- sizeof(parsed_info->domain)); -+ sizeof(parsed_info->username)); -+ parsed_info->got_user = 1; - break; - case CRED_PASS: - i = set_password(parsed_info, temp_val); Copied: cifs-utils/repos/extra-x86_64/fix-5.9-credentials.patch (from rev 215192, cifs-utils/trunk/fix-5.9-credentials.patch) =================================================================== --- extra-x86_64/fix-5.9-credentials.patch (rev 0) +++ extra-x86_64/fix-5.9-credentials.patch 2014-06-16 10:42:57 UTC (rev 215193) @@ -0,0 +1,16 @@ +X-Git-Url: https://git.samba.org/?p=cifs-utils.git;a=blobdiff_plain;f=mount.cifs.c;h=40b77e92e3f734c606f522ccf279a0508ad64eab;hp=c7c3055cb890764937193b1d50d1f0fb7ae18826;hb=1a01f7c4b90695211d12291d7a24bec05b1f2922;hpb=739289ad3ce915e1ee2705ecd7ac4e907cd91405 + +diff --git a/mount.cifs.c b/mount.cifs.c +index c7c3055..40b77e9 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -581,7 +581,8 @@ static int open_cred_file(char *file_name, + switch (parse_cred_line(line_buf + i, &temp_val)) { + case CRED_USER: + strlcpy(parsed_info->username, temp_val, +- sizeof(parsed_info->domain)); ++ sizeof(parsed_info->username)); ++ parsed_info->got_user = 1; + break; + case CRED_PASS: + i = set_password(parsed_info, temp_val);