From 5a853f985a8fd87018b03582d001530d9d887478 Mon Sep 17 00:00:00 2001
From: zxsvpverifyci
Date: Fri, 17 Mar 2023 10:29:10 +0800
Subject: [PATCH] added patch for CVE-2022-43955
---
 sudo-1.9.12p1-CVE-2022-43955.patch | 37 ++++++++++++++++++++++++++++++
 sudo.spec | 2 ++
 2 files changed, 39 insertions(+)
 create mode 100644 sudo-1.9.12p1-CVE-2022-43955.patch
diff --git a/sudo-1.9.12p1-CVE-2022-43955.patch b/sudo-1.9.12p1-CVE-2022-43955.patch
new file mode 100644
index 0000000..57b9233
--- /dev/null
+++ b/sudo-1.9.12p1-CVE-2022-43955.patch
@@ -0,0 +1,37 @@
+diff -aruN sudo-1.8.29/plugins/sudoers/auth/passwd.c sudo-1.8.29-new/plugins/sudoers/auth/passwd.c
+--- sudo-1.8.29/plugins/sudoers/auth/passwd.c 2023-03-17 03:39:35.003302022 +0800
++++ sudo-1.8.29-new/plugins/sudoers/auth/passwd.c 2023-03-17 03:43:44.088284483 +0800
+@@ -63,7 +63,7 @@
+ int
+ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+ {
+- char sav, *epass;
++ char des_pass[9], *epass;
+ char *pw_epasswd = auth->data;
+ size_t pw_len;
+ int matched = 0;
+@@ -75,20 +75,19 @@
+
+ /*
+ * Truncate to 8 chars if standard DES since not all crypt()'s do this.
+- * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
+ */
+- sav = pass[8];
+ pw_len = strlen(pw_epasswd);
+- if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len))
+- pass[8] = '\0';
+
++ if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) {
++ strlcpy(des_pass, pass, sizeof(des_pass));
++ pass = des_pass;
++ }
+ /*
+ * Normal UN*X password check.
+ * HP-UX may add aging info (separated by a ',') at the end so
+ * only compare the first DESLEN characters in that case.
+ */
+ epass = (char *) crypt(pass, pw_epasswd);
+- pass[8] = sav;
+ if (epass != NULL) {
+ if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+ matched = !strncmp(pw_epasswd, epass, DESLEN);
diff --git a/sudo.spec b/sudo.spec
index e21f5bb..4b75e9c 100644
--- a/sudo.spec
+++ b/sudo.spec
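Review bot: The new `des_pass[9]` buffer keeps up to eight bytes of the plaintext password on the stack, and neither hunk of the embedded passwd.c diff clears it once `crypt()` has returned. The rest of `sudo_passwd_verify` lies outside the hunk, so if nothing there wipes it, add `explicit_bzero(des_pass, sizeof(des_pass));` (or whatever zeroing helper this 1.8.29 tree ships) after the comparison and before the function returns. The `strlcpy` truncation is intentional for DES and needs no return check, though a short comment saying so would help the next reader. Separately, the embedded diff is taken against `sudo-1.8.29` while the file is named `sudo-1.9.12p1-CVE-2022-43955.patch`, and the CVE number in the subject and file name should be checked against the upstream sudo advisory for this passwd.c fix, since vulnerability scanners match on that string.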
@@ -80,6 +80,7 @@ Patch22: sudo-1.9.7-utmp-leak.patch
 Patch24: sudo-1.9.12-CVE-2023-22809-whitelist.patch
 Patch25: sudo-1.9.12-CVE-2023-22809-backports.patch
 Patch26: sudo-1.9.12-CVE-2023-22809.patch
+Patch27: sudo-1.9.12p1-CVE-2022-43955.patch
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -136,6 +137,7 @@ plugins that use %{name}.
 %patch24 -p1 -b .whitelist
 %patch25 -p1 -b .backports
 %patch26 -p1 -b .cve
+%patch27 -p1 -b .CVE-2022-43955
 %build
 # Remove bundled copy of zlib
--
Gitee