[packages/PolicyKit.git] / PolicyKit-CVE.patch

From: Kees Cook <kees@outflux.net>
Date: Fri, 4 Apr 2008 06:26:30 +0000 (-0400)
Subject: fix for CVE-2008-1658: format string vulnerability in password input
X-Git-Url: http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commitdiff;h=5bc86a14cc0e356bcf8b5f861674f842869b1be7

fix for CVE-2008-1658: format string vulnerability in password input

http://bugs.freedesktop.org/show_bug.cgi?id=15295
---

--- a/configure.in
+++ b/configure.in
@@ -114,6 +114,16 @@ if test "x$GCC" = "xyes"; then
   *) CFLAGS="$CFLAGS -Wsign-compare" ;;
   esac
 
+  case " $CFLAGS " in
+  *[\ \	]-Wformat[\ \	]*) ;;
+  *) CFLAGS="$CFLAGS -Wformat" ;;
+  esac
+
+  case " $CFLAGS " in
+  *[\ \	]-Wformat-security[\ \	]*) ;;
+  *) CFLAGS="$CFLAGS -Wformat-security" ;;
+  esac
+
   if test "x$enable_ansi" = "xyes"; then
     case " $CFLAGS " in
     *[\ \	]-ansi[\ \	]*) ;;
--- a/src/polkit-grant/polkit-grant-helper.c
+++ b/src/polkit-grant/polkit-grant-helper.c
@@ -241,7 +241,7 @@ do_auth (const char *user_to_auth, gbool
                 *empty_conversation = FALSE;
 
                 /* send to parent */
-                fprintf (stdout, buf);
+                fprintf (stdout, "%s", buf);
                 fflush (stdout);
                 
                 /* read from parent */
@@ -252,7 +252,7 @@ do_auth (const char *user_to_auth, gbool
                 fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
 #endif /* PGH_DEBUG */
                 /* send to child */
-                fprintf (child_stdin, buf);
+                fprintf (child_stdin, "%s", buf);
                 fflush (child_stdin);
         }
Commit	Line	Data
e635c9fa PZ	1	From: Kees Cook <kees@outflux.net>
	2	Date: Fri, 4 Apr 2008 06:26:30 +0000 (-0400)
	3	Subject: fix for CVE-2008-1658: format string vulnerability in password input
	4	X-Git-Url: http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commitdiff;h=5bc86a14cc0e356bcf8b5f861674f842869b1be7
	5
	6	fix for CVE-2008-1658: format string vulnerability in password input
	7
	8	http://bugs.freedesktop.org/show_bug.cgi?id=15295
	9	---
	10
	11	--- a/configure.in
	12	+++ b/configure.in
	13	@@ -114,6 +114,16 @@ if test "x$GCC" = "xyes"; then
	14	*) CFLAGS="$CFLAGS -Wsign-compare" ;;
	15	esac
	16
	17	+ case " $CFLAGS " in
	18	+ [\ \ ]-Wformat[\ \ ]) ;;
	19	+ *) CFLAGS="$CFLAGS -Wformat" ;;
	20	+ esac
	21	+
	22	+ case " $CFLAGS " in
	23	+ [\ \ ]-Wformat-security[\ \ ]) ;;
	24	+ *) CFLAGS="$CFLAGS -Wformat-security" ;;
	25	+ esac
	26	+
	27	if test "x$enable_ansi" = "xyes"; then
	28	case " $CFLAGS " in
	29	[\ \ ]-ansi[\ \ ]) ;;
	30	--- a/src/polkit-grant/polkit-grant-helper.c
	31	+++ b/src/polkit-grant/polkit-grant-helper.c
	32	@@ -241,7 +241,7 @@ do_auth (const char *user_to_auth, gbool
	33	*empty_conversation = FALSE;
	34
	35	/* send to parent */
	36	- fprintf (stdout, buf);
	37	+ fprintf (stdout, "%s", buf);
	38	fflush (stdout);
	39
	40	/* read from parent */
	41	@@ -252,7 +252,7 @@ do_auth (const char *user_to_auth, gbool
	42	fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
	43	#endif /* PGH_DEBUG */
	44	/* send to child */
	45	- fprintf (child_stdin, buf);
	46	+ fprintf (child_stdin, "%s", buf);
	47	fflush (child_stdin);
	48	}
	49