aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2019-09-05 12:13:27 +0200
committerGravatar Peter Korsgaard <peter@korsgaard.com>2019-09-05 12:13:27 +0200
commitae81527917e74b9751df4e7bfb7a0b2688362eac (patch)
treeaad0c644ce7a3c5f368491ef44c1839304f660ad
parent0ba993ea5c35fadccba5b111ff5be3909937aaa7 (diff)
downloadbuildroot-ae81527917e74b9751df4e7bfb7a0b2688362eac.tar.gz
buildroot-ae81527917e74b9751df4e7bfb7a0b2688362eac.tar.bz2
package/dropbear: add upstream patch to fix norootlogin (-w) with pam
Fixes #12181 The security fix for CVE-2018-15599 broke the norootlogin (-w) handling when pam support is enabled. Add an upstream patch to fix it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/dropbear/0003-Fix-for-issue-successfull-login-of-disabled-user-78.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/package/dropbear/0003-Fix-for-issue-successfull-login-of-disabled-user-78.patch b/package/dropbear/0003-Fix-for-issue-successfull-login-of-disabled-user-78.patch
new file mode 100644
index 0000000000..b3cec4c08d
--- /dev/null
+++ b/package/dropbear/0003-Fix-for-issue-successfull-login-of-disabled-user-78.patch
@@ -0,0 +1,35 @@
+From a0aa2749813331134452f80bb8a808bdc871ba41 Mon Sep 17 00:00:00 2001
+From: vincentto13 <33652988+vincentto13@users.noreply.github.com>
+Date: Wed, 20 Mar 2019 15:03:40 +0100
+Subject: [PATCH] Fix for issue successfull login of disabled user (#78)
+
+This commit introduces fix for scenario:
+1. Root login disabled on dropbear
+2. PAM authentication model enabled
+
+While login as root user, after prompt for password
+user is being notified about login failrue, but
+after second attempt of prompt for password within
+same session, login becames succesfull.
+
+Signed-off-by: Pawel Rapkiewicz <pawel.rapkiewicz@gmail.com>
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ svr-authpam.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/svr-authpam.c b/svr-authpam.c
+index d201bc9..e236db4 100644
+--- a/svr-authpam.c
++++ b/svr-authpam.c
+@@ -275,6 +275,7 @@ void svr_auth_pam(int valid_user) {
+ /* PAM auth succeeded but the username isn't allowed in for another reason
+ (checkusername() failed) */
+ send_msg_userauth_failure(0, 1);
++ goto cleanup;
+ }
+
+ /* successful authentication */
+--
+2.11.0
+