[sys-auth/pam_mysql] pull in a warning fix from Niels Laukens

2016-04-16 16:27:16 +02:00
parent d8a7213663
commit 2168be7aac
5 changed files with 111 additions and 0 deletions
--- a/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-crypt.patch
+++ b/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-crypt.patch
@@ -0,0 +1,44 @@
+From af6c8bb9e0375dda6cee20b3de6a23f5d7087635 Mon Sep 17 00:00:00 2001
+From: Niels Laukens <niels.laukens@vrt.be>
+Date: Sun, 22 Nov 2015 16:30:08 +0100
+Subject: [PATCH] Bugfix spurious crypt() warning in log
+
+The crypt() function returns NULL on error, or the string otherwise.
+Only in the case of an error (i.e. NULL return) is the value of errno
+useful.
+
+On my system, crypt() works as expected, but errno is set to ENOENT,
+because the last system call that was executed tried to open
+'/proc/sys/crypto/fips_enabled', which does not exist on my system.
+However, crypt() works fine without that file, but doesn't reset errno
+to 0.
+
+This patch fixes that behaviour, by explicitly checking for a NULL
+return value, and only then examining errno.
+
+It also works around undefined behaviour (strcmp with a NULL argument),
+and makes sure that the password is considered NOT to match if crypt()
+fails.
+---
+ pam_mysql.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/pam_mysql.c b/pam_mysql.c
+index 1ba8dec..ace9d55 100644
+--- a/pam_mysql.c
+++ b/pam_mysql.c
+@@ -2872,9 +2872,12 @@ static pam_mysql_err_t pam_mysql_check_passwd(pam_mysql_ctx_t *ctx,
+ 
+ 				/* ENCRYPT */
+ 				case 1:
+-					vresult = strcmp(row[0], crypt(passwd, row[0]));
+-					if (errno) {
+					char *crypted_password = crypt(passwd, row[0]);
+					if (crypted_password == NULL) {
+ 						syslog(LOG_AUTHPRIV | LOG_ERR, PAM_MYSQL_LOG_PREFIX "something went wrong when invoking crypt() - %s", strerror(errno));
+						vresult = 1; // fail
+					} else {
+						vresult = strcmp(row[0], crypted_password);
+ 					}
+ 					break;
+ 
--- a/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-link-to-pam.diff
+++ b/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-link-to-pam.diff
@@ -0,0 +1,9 @@
+--- pam_mysql-0.7RC1/Makefile.am	2005-09-20 07:43:44.000000000 +0200
+++ pam_mysql-0.7RC1-1/Makefile.am	2011-09-13 09:21:53.198200066 +0200
+@@ -3,5 +3,6 @@
+ noinst_FILES=pam_mysql.la pam_mysql.a
+ pam_mysql_la_SOURCES=pam_mysql.c
+ pam_mysql_la_LDFLAGS=-module -avoid-version
+pam_mysql_la_LIBADD=-lpam
+ INCLUDES=@INCLUDES@
+ EXTRA_DIST=COPYING NEWS README CREDITS ChangeLog INSTALL pam_mysql.spec.in install-sh missing mkinstalldirs pkg.m4 pam_mysql.spec
--- a/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-memleak.diff
+++ b/sys-auth/pam_mysql/files/pam_mysql-0.7_rc1-memleak.diff
@@ -0,0 +1,10 @@
+--- pam_mysql-0.7RC1/pam_mysql.c	2006-01-09 11:35:59.000000000 +0100
+++ pam_mysql-0.7RC1-1/pam_mysql.c	2011-10-18 20:26:38.655425994 +0200
+@@ -2338,6 +2338,7 @@
+ 	}
+ 
+ 	mysql_close(ctx->mysql_hdl);
+	mysql_library_end();
+ 
+ 	xfree(ctx->mysql_hdl);
+ 	ctx->mysql_hdl = NULL;