Author: patrys                       Date: Sat Apr 12 13:07:52 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- fix CVE-2008-1658

---- Files affected:
SOURCES:
   PolicyKit-CVE.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/PolicyKit-CVE.patch
diff -u /dev/null SOURCES/PolicyKit-CVE.patch:1.1
--- /dev/null   Sat Apr 12 15:07:52 2008
+++ SOURCES/PolicyKit-CVE.patch Sat Apr 12 15:07:47 2008
@@ -0,0 +1,49 @@
+From: Kees Cook <[EMAIL PROTECTED]>
+Date: Fri, 4 Apr 2008 06:26:30 +0000 (-0400)
+Subject: fix for CVE-2008-1658: format string vulnerability in password input
+X-Git-Url: http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commitdiff;h=5bc86a14cc0e356bcf8b5f861674f842869b1be7
+
+fix for CVE-2008-1658: format string vulnerability in password input
+
+http://bugs.freedesktop.org/show_bug.cgi?id=15295
+---
+
+--- a/configure.in
++++ b/configure.in
+@@ -114,6 +114,16 @@ if test "x$GCC" = "xyes"; then
+   *) CFLAGS="$CFLAGS -Wsign-compare" ;;
+   esac
+ 
++  case " $CFLAGS " in
++  *[\ \       ]-Wformat[\ \   ]*) ;;
++  *) CFLAGS="$CFLAGS -Wformat" ;;
++  esac
++
++  case " $CFLAGS " in
++  *[\ \       ]-Wformat-security[\ \  ]*) ;;
++  *) CFLAGS="$CFLAGS -Wformat-security" ;;
++  esac
++
+   if test "x$enable_ansi" = "xyes"; then
+     case " $CFLAGS " in
+     *[\ \     ]-ansi[\ \      ]*) ;;
+--- a/src/polkit-grant/polkit-grant-helper.c
++++ b/src/polkit-grant/polkit-grant-helper.c
+@@ -241,7 +241,7 @@ do_auth (const char *user_to_auth, gbool
+                 *empty_conversation = FALSE;
+ 
+                 /* send to parent */
+-                fprintf (stdout, buf);
++                fprintf (stdout, "%s", buf);
+                 fflush (stdout);
+                 
+                 /* read from parent */
+@@ -252,7 +252,7 @@ do_auth (const char *user_to_auth, gbool
+                fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
+ #endif /* PGH_DEBUG */
+                 /* send to child */
+-                fprintf (child_stdin, buf);
++                fprintf (child_stdin, "%s", buf);
+                 fflush (child_stdin);
+         }
+ 
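Review bot: Only the two relay writes shown in do_auth are converted to a constant format, and the configure.in guard added with them is warning-only, so another `fprintf (stream, buf)` in this helper or elsewhere in the tree would still build. Because the helper relays text between parent and child during password input (per the subject line), I would promote the check with `*) CFLAGS="$CFLAGS -Werror=format-security" ;;` where the compiler accepts it, so a regression fails the build instead of scrolling past as a warning. The rest of do_auth lies outside the hunk, so the remaining fprintf calls in polkit-grant-helper.c should be checked by hand. Separately, the files-affected list shows only the new patch under SOURCES; the fix reaches the built package only once the spec applies it, which this commit does not show.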
================================================================