pam (1.1.3-7.1) pam_env-fix-overflow.patch

Summary

 modules/pam_env/pam_env.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

    
download this patch

Patch contents

Description: correctly count leading whitespace when parsing environment
 file (CVE-2011-3148).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
Author: Kees Cook <kees@debian.org>

Index: pam-debian/modules/pam_env/pam_env.c
===================================================================
--- pam-debian.orig/modules/pam_env/pam_env.c	2011-10-14 10:51:30.973701139 -0700
+++ pam-debian/modules/pam_env/pam_env.c	2011-10-14 12:32:25.578188004 -0700
@@ -287,6 +287,7 @@
     char *p = buffer;
     char *s, *os;
     int used = 0;
+    int whitespace;
 
     /* loop broken with a 'break' when a non-'\\n' ended line is read */
 
@@ -309,8 +310,10 @@
 
 	/* skip leading spaces --- line may be blank */
 
-	s = p + strspn(p, " \n\t");
+	whitespace = strspn(p, " \n\t");
+	s = p + whitespace;
 	if (*s && (*s != '#')) {
+	    used += whitespace;
 	    os = s;
 
 	    /*