[OE-core] [scarthgap][PATCH] libpam: fix runtime error in pam_pwhistory moudle

Yi Zhao Mon, 01 Jul 2024 07:10:07 -0700

Backport a patch to fix runtime error in pam_pwhistory module when
selinux is enabled:


root@qemux86-64:~# passwd
passwd: System error
passwd: password unchanged

Signed-off-by: Yi Zhao <yi.z...@windriver.com>
---
 ...x-passing-NULL-filename-argument-to-.patch | 69 +++++++++++++++++++
 meta/recipes-extended/pam/libpam_1.5.3.bb     |  1 +
 2 files changed, 70 insertions(+)
 create mode 100644 
meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch

diff --git 
a/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch
 
b/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch
new file mode 100644
index 0000000000..23d5646235
--- /dev/null
+++ 
b/meta/recipes-extended/pam/libpam/0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch
@@ -0,0 +1,69 @@
+From 80dc2d410595b5193d32f965185710df27f3984e Mon Sep 17 00:00:00 2001
+From: Md Zain Hasib <has...@vmware.com>
+Date: Sat, 29 Jul 2023 11:01:35 +0530
+Subject: [PATCH] pam_pwhistory: fix passing NULL filename argument to
+ pwhistory helper
+
+This change fixes a bug when pwhistory_helper is invoked from
+pam_pwhistory with an NULL filename, pwhistory_helper receives a short
+circuited argc count of 3, ignoring the rest of the arguments passed
+due to filename being NULL. To resolve the issue, an empty string is
+passed in case the filename is empty, which is later changed back to
+NULL in pwhistory_helper so that it can be passed to opasswd to read
+the default opasswd file.
+
+* modules/pam_pwhistory/pam_pwhistory.c (run_save_helper,
+run_check_helper): Replace NULL filename argument with an empty string.
+* modules/pam_pwhistory/pwhistory_helper.c (main): Replace empty string
+filename argument with NULL.
+
+Fixes: 11c35109a67f ("pam_pwhistory: Enable alternate location for password 
history file (#396)")
+Signed-off-by: Dmitry V. Levin <l...@strace.io>
+
+Upstream-Status: Backport
+[https://github.com/linux-pam/linux-pam/commit/80dc2d410595b5193d32f965185710df27f3984e]
+
+Signed-off-by: Yi Zhao <yi.z...@windriver.com>
+---
+ modules/pam_pwhistory/pam_pwhistory.c    | 4 ++--
+ modules/pam_pwhistory/pwhistory_helper.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/modules/pam_pwhistory/pam_pwhistory.c 
b/modules/pam_pwhistory/pam_pwhistory.c
+index 5a7fb811..98ddffce 100644
+--- a/modules/pam_pwhistory/pam_pwhistory.c
++++ b/modules/pam_pwhistory/pam_pwhistory.c
+@@ -141,7 +141,7 @@ run_save_helper(pam_handle_t *pamh, const char *user,
+       args[0] = (char *)PWHISTORY_HELPER;
+       args[1] = (char *)"save";
+       args[2] = (char *)user;
+-      args[3] = (char *)filename;
++      args[3] = (char *)((filename != NULL) ? filename : "");
+       DIAG_POP_IGNORE_CAST_QUAL;
+       if (asprintf(&args[4], "%d", howmany) < 0 ||
+           asprintf(&args[5], "%d", debug) < 0)
+@@ -228,7 +228,7 @@ run_check_helper(pam_handle_t *pamh, const char *user,
+       args[0] = (char *)PWHISTORY_HELPER;
+       args[1] = (char *)"check";
+       args[2] = (char *)user;
+-      args[3] = (char *)filename;
++      args[3] = (char *)((filename != NULL) ? filename : "");
+       DIAG_POP_IGNORE_CAST_QUAL;
+       if (asprintf(&args[4], "%d", debug) < 0)
+         {
+diff --git a/modules/pam_pwhistory/pwhistory_helper.c 
b/modules/pam_pwhistory/pwhistory_helper.c
+index 469d95fa..fb9a1e31 100644
+--- a/modules/pam_pwhistory/pwhistory_helper.c
++++ b/modules/pam_pwhistory/pwhistory_helper.c
+@@ -108,7 +108,7 @@ main(int argc, char *argv[])
+ 
+   option = argv[1];
+   user = argv[2];
+-  filename = argv[3];
++  filename = (argv[3][0] != '\0') ? argv[3] : NULL;
+ 
+   if (strcmp(option, "check") == 0 && argc == 5)
+     return check_history(user, filename, argv[4]);
+-- 
+2.25.1
+
diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb 
b/meta/recipes-extended/pam/libpam_1.5.3.bb
index 2a53bb4cc5..ef32d19f3d 100644
--- a/meta/recipes-extended/pam/libpam_1.5.3.bb
+++ b/meta/recipes-extended/pam/libpam_1.5.3.bb
@@ -25,6 +25,7 @@ SRC_URI = 
"${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
            file://run-ptest \
            file://pam-volatiles.conf \
            file://0001-pam_namespace-include-stdint-h.patch \
+           
file://0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch \
            "
 
 SRC_URI[sha256sum] = 
"7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283"
-- 
2.25.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#201304): 
https://lists.openembedded.org/g/openembedded-core/message/201304
Mute This Topic: https://lists.openembedded.org/mt/106979689/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [scarthgap][PATCH] libpam: fix runtime error in pam_pwhistory moudle

Reply via email to