Date: Monday, June 16, 2014 @ 12:42:46
Author: tpowa
Revision: 215192
upgpkg: cifs-utils 6.3-2
fix #40789 CVE-2014-2830
Added:
cifs-utils/trunk/0003-cifskey-better-use-snprintf.patch
cifs-utils/trunk/0004-cifscreds-better-error-handling-when-key_search-fail.patch
cifs-utils/trunk/0005-cifscreds-better-error-handling-for-key_add.patch
Modified:
cifs-utils/trunk/PKGBUILD
-----------------------------------------------------------------+
0003-cifskey-better-use-snprintf.patch | 49 ++++
0004-cifscreds-better-error-handling-when-key_search-fail.patch | 85 ++++++++
0005-cifscreds-better-error-handling-for-key_add.patch | 102
++++++++++
PKGBUILD | 21 +-
4 files changed, 254 insertions(+), 3 deletions(-)
Added: 0003-cifskey-better-use-snprintf.patch
===================================================================
--- 0003-cifskey-better-use-snprintf.patch (rev 0)
+++ 0003-cifskey-better-use-snprintf.patch 2014-06-16 10:42:46 UTC (rev
215192)
@@ -0,0 +1,49 @@
+From 0c521d5060035da655107001374e08873ac5dde8 Mon Sep 17 00:00:00 2001
+From: Sebastian Krahmer <krah...@suse.de>
+Date: Mon, 14 Apr 2014 11:39:41 +0200
+Subject: [PATCH] cifskey: better use snprintf()
+
+Prefer snprintf() over sprintf() in cifskey.c
+Projects that fork the code (pam_cifscreds) can't rely on
+the max-size parameters.
+
+[jlayton: removed unneeded initialization of "len" in key_add]
+
+Signed-off-by: Sebastian Krahmer <krah...@suse.de>
+---
+ cifskey.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/cifskey.c b/cifskey.c
+index 7716c42..e89cacf 100644
+--- a/cifskey.c
++++ b/cifskey.c
+@@ -29,7 +29,8 @@ key_search(const char *addr, char keytype)
+ {
+ char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4];
+
+- sprintf(desc, "%s:%c:%s", KEY_PREFIX, keytype, addr);
++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr)
>= (int)sizeof(desc))
++ return -1;
+
+ return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0);
+ }
+@@ -43,10 +44,13 @@ key_add(const char *addr, const char *user, const char
*pass, char keytype)
+ char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2];
+
+ /* set key description */
+- sprintf(desc, "%s:%c:%s", KEY_PREFIX, keytype, addr);
++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr)
>= (int)sizeof(desc))
++ return -1;
+
+ /* set payload contents */
+- len = sprintf(val, "%s:%s", user, pass);
++ len = snprintf(val, sizeof(val), "%s:%s", user, pass);
++ if (len >= (int)sizeof(val))
++ return -1;
+
+ return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING);
+ }
+--
+1.8.4.2
+
Added: 0004-cifscreds-better-error-handling-when-key_search-fail.patch
===================================================================
--- 0004-cifscreds-better-error-handling-when-key_search-fail.patch
(rev 0)
+++ 0004-cifscreds-better-error-handling-when-key_search-fail.patch
2014-06-16 10:42:46 UTC (rev 215192)
@@ -0,0 +1,85 @@
+From 3da4c43b575498be86c87a2ac3f3142e3cab1c59 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlay...@samba.org>
+Date: Sun, 20 Apr 2014 20:41:05 -0400
+Subject: [PATCH] cifscreds: better error handling when key_search fails
+
+If we ended up getting a bogus string that would have overflowed, then
+make key_search set errno to EINVAL before returning. The callers can
+then test to see if the returned error is what was expected or something
+else and handle it appropriately.
+
+Cc: Sebastian Krahmer <krah...@suse.de>
+Signed-off-by: Jeff Layton <jlay...@samba.org>
+---
+ cifscreds.c | 9 +++++++++
+ cifskey.c | 5 ++++-
+ pam_cifscreds.c | 9 +++++++++
+ 3 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/cifscreds.c b/cifscreds.c
+index fa05dc8..64d55b0 100644
+--- a/cifscreds.c
++++ b/cifscreds.c
+@@ -188,6 +188,15 @@ static int cifscreds_add(struct cmdarg *arg)
+ return EXIT_FAILURE;
+ }
+
++ switch(errno) {
++ case ENOKEY:
++ /* success */
++ break;
++ default:
++ printf("Key search failed: %s\n", strerror(errno));
++ return EXIT_FAILURE;
++ }
++
+ currentaddress = nextaddress;
+ if (currentaddress) {
+ *(currentaddress - 1) = ',';
+diff --git a/cifskey.c b/cifskey.c
+index e89cacf..4f01ed0 100644
+--- a/cifskey.c
++++ b/cifskey.c
+@@ -20,6 +20,7 @@
+ #include <sys/types.h>
+ #include <keyutils.h>
+ #include <stdio.h>
++#include <errno.h>
+ #include "cifskey.h"
+ #include "resolve_host.h"
+
+@@ -29,8 +30,10 @@ key_search(const char *addr, char keytype)
+ {
+ char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4];
+
+- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr)
>= (int)sizeof(desc))
++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr)
>= (int)sizeof(desc)) {
++ errno = EINVAL;
+ return -1;
++ }
+
+ return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0);
+ }
+diff --git a/pam_cifscreds.c b/pam_cifscreds.c
+index e0d8a55..fb23117 100644
+--- a/pam_cifscreds.c
++++ b/pam_cifscreds.c
+@@ -206,6 +206,15 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char
*user, const char *pas
+ return PAM_SERVICE_ERR;
+ }
+
++ switch(errno) {
++ case ENOKEY:
++ break;
++ default:
++ pam_syslog(ph, LOG_ERR, "Unable to search keyring for
%s (%s)",
++ currentaddress, strerror(errno));
++ return PAM_SERVICE_ERR;
++ }
++
+ currentaddress = nextaddress;
+ if (currentaddress) {
+ *(currentaddress - 1) = ',';
+--
+1.8.4.2
+
Added: 0005-cifscreds-better-error-handling-for-key_add.patch
===================================================================
--- 0005-cifscreds-better-error-handling-for-key_add.patch
(rev 0)
+++ 0005-cifscreds-better-error-handling-for-key_add.patch 2014-06-16
10:42:46 UTC (rev 215192)
@@ -0,0 +1,102 @@
+From 382ec63757c1d8d4d399d17ccc927c4897d4cfc9 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlay...@samba.org>
+Date: Sun, 20 Apr 2014 20:41:05 -0400
+Subject: [PATCH] cifscreds: better error handling for key_add
+
+If the string buffers would have been overrun, set errno to EINVAL
+before returning. Then, have the callers report the errors to
+stderr or syslog as appropriate.
+
+Cc: Sebastian Krahmer <krah...@suse.de>
+Signed-off-by: Jeff Layton <jlay...@samba.org>
+---
+ cifscreds.c | 6 +++---
+ cifskey.c | 8 ++++++--
+ pam_cifscreds.c | 9 +++++----
+ 3 files changed, 14 insertions(+), 9 deletions(-)
+
+diff --git a/cifscreds.c b/cifscreds.c
+index 64d55b0..5d84c3c 100644
+--- a/cifscreds.c
++++ b/cifscreds.c
+@@ -220,8 +220,8 @@ static int cifscreds_add(struct cmdarg *arg)
+ while (currentaddress) {
+ key_serial_t key = key_add(currentaddress, arg->user, pass,
arg->keytype);
+ if (key <= 0) {
+- fprintf(stderr, "error: Add credential key for %s\n",
+- currentaddress);
++ fprintf(stderr, "error: Add credential key for %s:
%s\n",
++ currentaddress, strerror(errno));
+ } else {
+ if (keyctl(KEYCTL_SETPERM, key, CIFS_KEY_PERMS) < 0) {
+ fprintf(stderr, "error: Setting permissons "
+@@ -422,7 +422,7 @@ static int cifscreds_update(struct cmdarg *arg)
+ key_serial_t key = key_add(addrs[id], arg->user, pass,
arg->keytype);
+ if (key <= 0)
+ fprintf(stderr, "error: Update credential key "
+- "for %s\n", addrs[id]);
++ "for %s: %s\n", addrs[id], strerror(errno));
+ }
+
+ return EXIT_SUCCESS;
+diff --git a/cifskey.c b/cifskey.c
+index 4f01ed0..919540f 100644
+--- a/cifskey.c
++++ b/cifskey.c
+@@ -47,13 +47,17 @@ key_add(const char *addr, const char *user, const char
*pass, char keytype)
+ char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2];
+
+ /* set key description */
+- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr)
>= (int)sizeof(desc))
++ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr)
>= (int)sizeof(desc)) {
++ errno = EINVAL;
+ return -1;
++ }
+
+ /* set payload contents */
+ len = snprintf(val, sizeof(val), "%s:%s", user, pass);
+- if (len >= (int)sizeof(val))
++ if (len >= (int)sizeof(val)) {
++ errno = EINVAL;
+ return -1;
++ }
+
+ return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING);
+ }
+diff --git a/pam_cifscreds.c b/pam_cifscreds.c
+index fb23117..5d99c2d 100644
+--- a/pam_cifscreds.c
++++ b/pam_cifscreds.c
+@@ -208,6 +208,7 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char
*user, const char *pas
+
+ switch(errno) {
+ case ENOKEY:
++ /* success */
+ break;
+ default:
+ pam_syslog(ph, LOG_ERR, "Unable to search keyring for
%s (%s)",
+@@ -233,8 +234,8 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char
*user, const char *pas
+ while (currentaddress) {
+ key_serial_t key = key_add(currentaddress, user, password,
keytype);
+ if (key <= 0) {
+- pam_syslog(ph, LOG_ERR, "error: Add credential key for
%s",
+- currentaddress);
++ pam_syslog(ph, LOG_ERR, "error: Add credential key for
%s: %s",
++ currentaddress, strerror(errno));
+ } else {
+ if ((args & ARG_DEBUG) == ARG_DEBUG) {
+ pam_syslog(ph, LOG_DEBUG, "credential key for
\\\\%s\\%s added",
+@@ -336,8 +337,8 @@ static int cifscreds_pam_update(pam_handle_t *ph, const
char *user, const char *
+ for (id = 0; id < count; id++) {
+ key_serial_t key = key_add(currentaddress, user, password,
keytype);
+ if (key <= 0) {
+- pam_syslog(ph, LOG_ERR, "error: Update credential key
for %s",
+- currentaddress);
++ pam_syslog(ph, LOG_ERR, "error: Update credential key
for %s: %s",
++ currentaddress, strerror(errno));
+ }
+ }
+
+--
+1.8.4.2
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-06-16 09:52:50 UTC (rev 215191)
+++ PKGBUILD 2014-06-16 10:42:46 UTC (rev 215192)
@@ -2,14 +2,26 @@
# Maintainer: Tobias Powalowski <tp...@archlinux.org>
pkgname=cifs-utils
pkgver=6.3
-pkgrel=1
+pkgrel=2
pkgdesc="CIFS filesystem user-space tools"
arch=(i686 x86_64)
url="http://wiki.samba.org/index.php/LinuxCIFS_utils";
license=('GPL')
depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam')
-source=(ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/$pkgname-$pkgver.tar.bz2)
+source=(ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/$pkgname-$pkgver.tar.bz2
+ '0003-cifskey-better-use-snprintf.patch'
+ '0004-cifscreds-better-error-handling-when-key_search-fail.patch'
+ '0005-cifscreds-better-error-handling-for-key_add.patch')
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+ # add fedora patches
+ # 40789 CVE-2014-2830
+ patch -Np1 -i "$srcdir/0003-cifskey-better-use-snprintf.patch"
+ patch -Np1 -i
"$srcdir/0004-cifscreds-better-error-handling-when-key_search-fail.patch"
+ patch -Np1 -i
"$srcdir/0005-cifscreds-better-error-handling-for-key_add.patch"
+}
+
build() {
cd "$srcdir/$pkgname-$pkgver"
# systemd support is broken in mount.cifs
@@ -27,4 +39,7 @@
# set mount.cifs uid, to enable none root mounting form fstab
chmod +s $pkgdir/usr/bin/mount.cifs
}
-md5sums=('93697dbc043cb4d5c66e15e281f872e5')
+md5sums=('93697dbc043cb4d5c66e15e281f872e5'
+ 'cc13c6d1b734a446d0f4384e0ce32748'
+ '350491f336dc931f9b192228909e5924'
+ 'ac2b3367363fbc79f8f7fdfcae008a8c')
