Hello community,

here is the log from the commit of package pam_yubico for openSUSE:Factory 
checked in at 2018-04-16 12:49:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pam_yubico (Old)
 and      /work/SRC/openSUSE:Factory/.pam_yubico.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "pam_yubico"

Mon Apr 16 12:49:21 2018 rev:7 rq:596421 version:2.25

Changes:
--------
--- /work/SRC/openSUSE:Factory/pam_yubico/pam_yubico.changes    2018-04-05 
15:33:05.972992712 +0200
+++ /work/SRC/openSUSE:Factory/.pam_yubico.new/pam_yubico.changes       
2018-04-16 12:49:22.832257882 +0200
@@ -1,0 +2,11 @@
+Fri Apr 13 14:06:59 UTC 2018 - kbabi...@suse.com
+
+- Added patches:
+  - cloexec.patch: Harden file descriptor handling (boo#1089517)
+  - compiler-warnings-pointer.patch: Fix compiler warnings due to wrong pointer
+    casts (boo#1089518)
+  - compiler-warnings-format-strings.patch: Fix compiler warnings due to wrong
+    format string specifiers (boo#1089519)
+  - util_test-mkdtemp.patch: Use mkdtemp() instead of tempnam() (boo#1089520)
+
+-------------------------------------------------------------------

New:
----
  cloexec.patch
  compiler-warnings-format-strings.patch
  compiler-warnings-pointer.patch
  util_test-mkdtemp.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pam_yubico.spec ++++++
--- /var/tmp/diff_new_pack.Zniq4Q/_old  2018-04-16 12:49:23.624229074 +0200
+++ /var/tmp/diff_new_pack.Zniq4Q/_new  2018-04-16 12:49:23.628228928 +0200
@@ -27,6 +27,10 @@
 Source1:        
https://developers.yubico.com/yubico-pam/Releases/pam_yubico-%{version}.tar.gz.sig
 Source2:        baselib.conf
 Patch0:         leaking-file-descriptor.patch
+Patch1:         util_test-mkdtemp.patch
+Patch2:         compiler-warnings-format-strings.patch
+Patch3:         compiler-warnings-pointer.patch
+Patch4:         cloexec.patch
 BuildRequires:  libykclient-devel >= 2.15
 BuildRequires:  libyubikey-devel
 BuildRequires:  openldap2-devel
@@ -41,6 +45,10 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 %build
 %configure --bindir=%{_bindir} --with-pam-dir=/%{_lib}/security 
--disable-static --disable-silent-rules

++++++ cloexec.patch ++++++
References: e5bd2ef8449799d06f6f8dad3e602cc047e3c1af
References: 0b595ee1cdef6cbe0dc4123e3b09c999dc1b6968
References: d51124e8846d1c43a8fb328ccec5672690b564fe
References: 079b975469efb6b80b24d50013ff2bf9572112d8
Upstream: merged
From: Karol Babioch <kbabi...@suse.de>
Date: Fri Apr 13 16:03:36 CEST 2018
Subject: Fix for bnc#1089517

---
 pam_yubico.c |   15 ++++++++++-----
 util.c       |   10 ++++++++--
 ykpamcfg.c   |   11 +++++++++--
 3 files changed, 27 insertions(+), 9 deletions(-)

Index: pam_yubico-2.25/pam_yubico.c
===================================================================
--- pam_yubico-2.25.orig/pam_yubico.c
+++ pam_yubico-2.25/pam_yubico.c
@@ -535,7 +535,7 @@ do_challenge_response(pam_handle_t *pamh
     }
   }
 
-  fd = open(userfile, O_RDONLY, 0);
+  fd = open(userfile, O_RDONLY | O_CLOEXEC, 0);
   if (fd < 0) {
       DBG ("Cannot open file: %s (%s)", userfile, strerror(errno));
       goto restpriv_out;
@@ -654,7 +654,7 @@ do_challenge_response(pam_handle_t *pamh
   strcpy(tmpfile, userfile);
   strcat(tmpfile, TMPFILE_SUFFIX);
 
-  fd = mkstemp(tmpfile);
+  fd = mkostemp(tmpfile, O_CLOEXEC);
   if (fd < 0) {
       DBG ("Cannot open file: %s (%s)", tmpfile, strerror(errno));
       goto restpriv_out;
@@ -814,15 +814,20 @@ parse_cfg (int flags, int argc, const ch
           else
             {
               struct stat st;
+              int fd;
               FILE *file;
               if(lstat(filename, &st) == 0)
                 {
                   if(S_ISREG(st.st_mode))
                     {
-                      file = fopen(filename, "a");
-                      if(file)
+                      fd = open(filename, O_WRONLY | O_CREAT | O_APPEND | 
O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP);
+                      if (fd >= 0)
                         {
-                          cfg->debug_file = file;
+                          file = fdopen(fd, "a");
+                          if (file)
+                            {
+                              cfg->debug_file = file;
+                            }
                         }
                     }
                 }
Index: pam_yubico-2.25/util.c
===================================================================
--- pam_yubico-2.25.orig/util.c
+++ pam_yubico-2.25/util.c
@@ -109,7 +109,7 @@ check_user_token (const char *authfile,
   struct stat st;
   FILE *opwfile;
 
-  fd = open(authfile, O_RDONLY, 0);
+  fd = open(authfile, O_RDONLY | O_CLOEXEC, 0);
   if (fd < 0) {
       if(verbose)
          D (debug_file, "Cannot open file: %s (%s)", authfile, 
strerror(errno));
@@ -185,8 +185,14 @@ int generate_random(void *buf, int len)
 {
        FILE *u;
        int res;
+       int fd;
 
-       u = fopen("/dev/urandom", "r");
+       fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
+       if (fd < 0) {
+               return -1;
+       }
+
+       u = fdopen(fd, "r");
        if (!u) {
                return -1;
        }
Index: pam_yubico-2.25/ykpamcfg.c
===================================================================
--- pam_yubico-2.25.orig/ykpamcfg.c
+++ pam_yubico-2.25/ykpamcfg.c
@@ -38,6 +38,7 @@
 #include <errno.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <fcntl.h>
 
 #include <ykpers.h>
 
@@ -143,6 +144,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t
   unsigned int response_len;
   char *fn;
   struct passwd *p;
+  int fd;
   FILE *f = NULL;
   struct stat st;
 
@@ -237,11 +239,16 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t
 
   umask(077);
 
-  f = fopen (fn, "w");
-  if (! f) {
+  fd = open (fn, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
+  if (fd < 0) {
     fprintf (stderr, "Failed opening '%s' for writing : %s\n", fn, strerror 
(errno));
     goto out;
   }
+  f = fdopen (fd, "w");
+  if (! f) {
+    fprintf (stderr, "fdopen: %s\n", strerror (errno));
+    goto out;
+  }
 
   if (! write_chalresp_state (f, &state))
     goto out;
++++++ compiler-warnings-format-strings.patch ++++++
>From 1aacb11538879ba04d582787a69e7fdffcbd0018 Mon Sep 17 00:00:00 2001
From: Karol Babioch <kbabi...@suse.de>
Date: Mon, 9 Apr 2018 11:46:12 +0200
Subject: Fix for bnc#1089519

This fixes several specifiers to better represent the data type, which fixes
multiple compiler warnings.
---
 pam_yubico.c | 6 +++---
 util.c       | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/pam_yubico.c b/pam_yubico.c
index af9ed27..10ee6fc 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -362,7 +362,7 @@ authorize_user_token_ldap (struct cfg *cfg,
              /* Compare each value for the attribute against the token id. */
              for (i = 0; vals[i] != NULL; i++)
                {
-                 DBG("LDAP : Checking value %i: %s:%s",
+                 DBG("LDAP : Checking value %zu: %s:%s",
                      i + 1,
                      cfg->yubi_attr_prefix ? cfg->yubi_attr_prefix : "",
                      vals[i]->bv_val);
@@ -745,7 +745,7 @@ parse_cfg (int flags, int argc, const char **argv, struct 
cfg *cfg)
   for (i = 0; i < argc; i++)
     {
       if (strncmp (argv[i], "id=", 3) == 0)
-       sscanf (argv[i], "id=%d", &cfg->client_id);
+       sscanf (argv[i], "id=%u", &cfg->client_id);
       if (strncmp (argv[i], "key=", 4) == 0)
        cfg->client_key = argv[i] + 4;
       if (strcmp (argv[i], "debug") == 0)
@@ -859,7 +859,7 @@ parse_cfg (int flags, int argc, const char **argv, struct 
cfg *cfg)
   DBG ("capath=%s", cfg->capath ? cfg->capath : "(null)");
   DBG ("cainfo=%s", cfg->cainfo ? cfg->cainfo : "(null)");
   DBG ("proxy=%s", cfg->proxy ? cfg->proxy : "(null)");
-  DBG ("token_id_length=%d", cfg->token_id_length);
+  DBG ("token_id_length=%u", cfg->token_id_length);
   DBG ("mode=%s", cfg->mode == CLIENT ? "client" : "chresp" );
   DBG ("chalresp_path=%s", cfg->chalresp_path ? cfg->chalresp_path : "(null)");
 }
diff --git a/util.c b/util.c
index 32bca06..e6e8095 100644
--- a/util.c
+++ b/util.c
@@ -419,7 +419,7 @@ load_chalresp_state(FILE *f, CR_STATE *state, bool verbose, 
FILE *debug_file)
    * 40 is twice the size of CR_RESPONSE_SIZE
    * (twice because we hex encode the challenge and response)
    */
-  r = fscanf(f, "v2:%126[0-9a-z]:%40[0-9a-z]:%64[0-9a-z]:%d:%d", 
challenge_hex, response_hex, salt_hex, &iterations, &slot);
+  r = fscanf(f, "v2:%126[0-9a-z]:%40[0-9a-z]:%64[0-9a-z]:%u:%d", 
challenge_hex, response_hex, salt_hex, &iterations, &slot);
   if(r == 5) {
     if (! yubikey_hex_p(salt_hex)) {
       D(debug_file, "Invalid salt hex input : %s", salt_hex);
@@ -427,7 +427,7 @@ load_chalresp_state(FILE *f, CR_STATE *state, bool verbose, 
FILE *debug_file)
     }
 
     if(verbose) {
-      D(debug_file, "Challenge: %s, hashed response: %s, salt: %s, iterations: 
%d, slot: %d",
+      D(debug_file, "Challenge: %s, hashed response: %s, salt: %s, iterations: 
%u, slot: %d",
             challenge_hex, response_hex, salt_hex, iterations, slot);
     }
 
++++++ compiler-warnings-pointer.patch ++++++
>From 998ee88aa50adb77777d9122a5048255a7ab7327 Mon Sep 17 00:00:00 2001
From: Karol Babioch <kbabi...@suse.de>
Date: Mon, 9 Apr 2018 17:14:18 +0200
Subject: [PATCH] tests: Fix compiler warnings due to wrong pointer casts

This fixes a couple of compiler warnings due to wrong pointer casts in regards
to the pamh structure, which is a bit of a hackery way to access the test data.

bnc#1089518
---
 tests/pam_test.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tests/pam_test.c b/tests/pam_test.c
index 197d179..fbeb0f4 100644
--- a/tests/pam_test.c
+++ b/tests/pam_test.c
@@ -28,6 +28,7 @@
  */
 
 #include <stdio.h>
+#include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -146,13 +147,13 @@ static struct pam_conv pam_conversation = {
 };
 
 int pam_get_item(const pam_handle_t *pamh, int item_type, const void **item) {
-  fprintf(stderr, "in pam_get_item() %d for %d\n", item_type, (int)pamh);
+  fprintf(stderr, "in pam_get_item() %d for %d\n", item_type, 
(int)(uintptr_t)pamh);
   if(item_type == PAM_CONV) {
     pam_conversation.appdata_ptr = (void*)pamh;
     *item = &pam_conversation;
   }
-  if(item_type == PAM_AUTHTOK && pamh >= 8) {
-    *item = (void*)_data[(int)pamh].otp;
+  if(item_type == PAM_AUTHTOK && pamh >= (pam_handle_t*)8) {
+    *item = (void*)_data[(int)(uintptr_t)pamh].otp;
   }
   return PAM_SUCCESS;
 }

++++++ util_test-mkdtemp.patch ++++++
>From a92a59c7610d81058de73451ed55fe222e5efe35 Mon Sep 17 00:00:00 2001
From: Karol Babioch <kbabi...@suse.de>
Date: Fri, 6 Apr 2018 16:59:28 +0200
Subject: [PATCH] util_test: Use mkdtemp() instead of tempnam()

The latter function is considered insecure and deprecated on some platforms.
This will create the directory with 0700 implicitely, where it was 0755
beforehand. Since this is a more secure default and the test suite runs fine,
we don't bother to chmod the directory.

bnc#1089520
---
 tests/util_test.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/tests/util_test.c b/tests/util_test.c
index 7b33168..8863e33 100644
--- a/tests/util_test.c
+++ b/tests/util_test.c
@@ -180,12 +180,10 @@ static void test_check_user_challenge_file(void) {
   unlink(buf);
 
   /* create temporary directory */
-  tmpdir_path = tempnam(NULL, "pamtest");
+  char template[] = "/tmp/pamtest.XXXXXX";
+  tmpdir_path = mkdtemp(template);
   assert(tmpdir_path != NULL);
 
-  ret = mkdir(tmpdir_path, 0755);
-  assert(ret == 0);
-
   /* set user data */
   user.pw_name = "tester";
   user.pw_dir = tmpdir_path;
@@ -242,7 +240,6 @@ static void test_check_user_challenge_file(void) {
   /* remove temporary directory */
   ret = rmdir(tmpdir_path);
   assert(ret == 0);
-  free(tmpdir_path);
   free(buf);
 
   /* check test results */

Reply via email to