1
#! /bin/sh /usr/share/dpatch/dpatch-run
2
## 03-cve-2007-0844.dpatch taken from upstream release 1.92
4
## DP: Fix CVE-2007-0844
5
## DP: (Closes: #410236)
7
--- libpam-ssh-1.91.0/pam_ssh.c 2004-04-12 15:55:08.000000000 +0200
8
+++ libpam-ssh-1.92/pam_ssh.c 2007-02-06 19:10:46.000000000 +0100
11
- * Copyright (c) 1999, 2000, 2001, 2002, 2004 Andrew J. Korty
12
+ * Copyright (c) 1999-2002, 2004, 2007 Andrew J. Korty
13
* All rights reserved.
15
* Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
17
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
20
- * $Id: pam_ssh.c,v 1.81 2004/04/12 13:55:08 akorty Exp $
21
+ * $Id: pam_ssh.c,v 1.83 2007/02/06 18:10:46 akorty Exp $
24
/* to get the asprintf() prototype from the glibc headers */
25
@@ -196,6 +196,27 @@ ssh_cleanup(pam_handle_t *pamh __unused,
29
+ * If the private key's passphrase is blank, only load it if the
30
+ * *supplied* passphrase is blank and if allow_blank_passphrase is
35
+key_load_private_maybe(const char *path, const char *passphrase,
36
+ char **commentp, int allow_blank)
40
+ /* try loading the key with a blank passphrase */
41
+ key = key_load_private(path, "", commentp);
43
+ return allow_blank && *passphrase == '\0' ? key : NULL;
45
+ /* the private key's passphrase isn't blank */
46
+ return key_load_private(path, passphrase, commentp);
50
* Authenticate a user's key by trying to decrypt it with the password
51
* provided. The key and its comment are then stored for later
52
* retrieval by the session phase. An increasing index is embedded in
53
@@ -205,7 +226,7 @@ ssh_cleanup(pam_handle_t *pamh __unused,
56
auth_via_key(pam_handle_t *pamh, const char *file, const char *dir,
57
- const struct passwd *user, const char *pass)
58
+ const struct passwd *user, const char *pass, int allow_blank)
60
char *comment; /* private key comment */
61
char *data_name; /* PAM state */
62
@@ -230,7 +251,7 @@ auth_via_key(pam_handle_t *pamh, const c
63
success, the user is authenticated. */
66
- key = key_load_private(path, pass, &comment);
67
+ key = key_load_private_maybe(path, pass, &comment, allow_blank);
69
if (!comment && !(comment = strdup(file))) {
70
pam_ssh_log(LOG_CRIT, "out of memory");
71
@@ -427,7 +448,7 @@ pam_sm_authenticate(pam_handle_t *pamh,
72
openpam_restore_cred(pamh);
75
- if (!pass || (!allow_blank_passphrase && *pass == '\0')) {
77
openpam_restore_cred(pamh);
80
@@ -451,8 +472,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
82
for (file = strtok(keyfiles, SEP_KEYFILES); file;
83
file = strtok(NULL, SEP_KEYFILES))
84
- if (auth_via_key(pamh, file, dotdir, pwent, pass)
86
+ if (auth_via_key(pamh, file, dotdir, pwent, pass,
87
+ allow_blank_passphrase) == PAM_SUCCESS)