source: pkg/security/vinnie/main/pam-pgsql/trunk/debian/patches/ipaddr-crash_603436.patch @ 7501

Revision 7501, 949 bytes checked in by alanbach-guest, 2 years ago (diff)
  • Added pam-pgsql to Vinnie security

  • src/backend_pgsql.c 

    Description: this could crash the PAM stack when octets were greater
 that 127 due to %d seeing the values as signed. For example,
 124.198.140.142 was 124.-58.-116.-114 and would overflow the buffer.
Author: Kees Cook <kees@ubuntu.com>
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603436
Bug-Ubuntu: https://bugs.launchpad.net/debian/+source/pam-pgsql/+bug/722386
    old new  
    205205        if(rhost != NULL && (hentry = gethostbyname(rhost)) != NULL) { 
    206206                /* Make IP string */ 
    207207                raddr = malloc(16); 
    208                 sprintf(raddr, "%d.%d.%d.%d", 
     208                sprintf(raddr, "%hhu.%hhu.%hhu.%hhu", 
    209209                        hentry->h_addr_list[0][0], 
    210210                        hentry->h_addr_list[0][1], 
    211211                        hentry->h_addr_list[0][2], 
Note: See TracBrowser for help on using the repository browser.