File bug-724480_pam_env-fix-overflow.patch of Package pam

Description: correctly count leading whitespace when parsing environment
 file (CVE-2011-3148).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
Author: Kees Cook <kees@debian.org>

Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c
===================================================================
--- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c
+++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c
@@ -290,6 +290,7 @@ static int _assemble_line(FILE *f, char
     char *p = buffer;
     char *s, *os;
     int used = 0;
+    int whitespace;
 
     /* loop broken with a 'break' when a non-'\\n' ended line is read */
 
@@ -312,8 +313,10 @@ static int _assemble_line(FILE *f, char
 
 	/* skip leading spaces --- line may be blank */
 
-	s = p + strspn(p, " \n\t");
+	whitespace = strspn(p, " \n\t");
+	s = p + whitespace;
 	if (*s && (*s != '#')) {
+	    used += whitespace;
 	    os = s;
 
 	    /*

Places

File bug-724480_pam_env-fix-overflow.patch of Package pam

Places