From e635c9fa3bab2905de57cb4ce7219a52c81cfd6a Mon Sep 17 00:00:00 2001
From: Patryk Zawadzki
Date: Sat, 12 Apr 2008 13:07:47 +0000
Subject: [PATCH] - fix CVE-2008-1658 Changed files: PolicyKit-CVE.patch -> 1.1
---
PolicyKit-CVE.patch | 49 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 PolicyKit-CVE.patch
diff --git a/PolicyKit-CVE.patch b/PolicyKit-CVE.patch
new file mode 100644
index 0000000..d506453
--- /dev/null
+++ b/PolicyKit-CVE.patch
@@ -0,0 +1,49 @@
+From: Kees Cook
+Date: Fri, 4 Apr 2008 06:26:30 +0000 (-0400)
+Subject: fix for CVE-2008-1658: format string vulnerability in password input
+X-Git-Url: http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commitdiff;h=5bc86a14cc0e356bcf8b5f861674f842869b1be7
+
+fix for CVE-2008-1658: format string vulnerability in password input
+
+http://bugs.freedesktop.org/show_bug.cgi?id=15295
+---
+
+--- a/configure.in
++++ b/configure.in
+@@ -114,6 +114,16 @@ if test "x$GCC" = "xyes"; then
+ *) CFLAGS="$CFLAGS -Wsign-compare" ;;
+ esac
+
++ case " $CFLAGS " in
++ *[\ \ ]-Wformat[\ \ ]*) ;;
++ *) CFLAGS="$CFLAGS -Wformat" ;;
++ esac
++
++ case " $CFLAGS " in
++ *[\ \ ]-Wformat-security[\ \ ]*) ;;
++ *) CFLAGS="$CFLAGS -Wformat-security" ;;
++ esac
++
+ if test "x$enable_ansi" = "xyes"; then
+ case " $CFLAGS " in
+ *[\ \ ]-ansi[\ \ ]*) ;;
+--- a/src/polkit-grant/polkit-grant-helper.c
++++ b/src/polkit-grant/polkit-grant-helper.c
+@@ -241,7 +241,7 @@ do_auth (const char *user_to_auth, gbool
+ *empty_conversation = FALSE;
+
+ /* send to parent */
+- fprintf (stdout, buf);
++ fprintf (stdout, "%s", buf);
+ fflush (stdout);
+
+ /* read from parent */
+@@ -252,7 +252,7 @@ do_auth (const char *user_to_auth, gbool
+ fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
+ #endif /* PGH_DEBUG */
+ /* send to child */
+- fprintf (child_stdin, buf);
++ fprintf (child_stdin, "%s", buf);
+ fflush (child_stdin);
+ }
+
-- 2.43.0
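Review bot: The `-Wformat` / `-Wformat-security` guard added to configure.in only warns, and it reaches the compiler only if configure is regenerated from configure.in during the package build. This commit adds the patch file alone, so whether the spec applies it and reruns autoconf is not visible here. Where the toolchain supports it, `-Werror=format-security` would make a reintroduced `fprintf (stream, buf)` fail the build instead of scrolling past as a warning. The two fixed writes in polkit-grant-helper.c could also be `fputs (buf, stdout);` and `fputs (buf, child_stdin);`, which take no format string at all. do_auth starts and ends outside both hunks, so other non-literal format calls in it cannot be ruled out from here.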