From 0a66ad22e54c72690ec2a29a019767c55c5281fc Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Fri, 18 Oct 2024 20:22:57 +1100
Subject: [PATCH] pppd: Remove passprompt plugin

This is prompted by a number of factors:

* It was more useful back in the dial-up days, but no-one uses dial-up
  any more

* In many cases there will be no terminal accessible to the prompter
  program at the point where the prompter is run

* The passwordfd plugin does much the same thing but does it more
  cleanly and securely

* The handling of privileges and file descriptors needs to be audited
  thoroughly.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

CVE: CVE-2024-58250
Upstream-Status: Backport [https://github.com/ppp-project/ppp/commit/0a66ad22e54c72690ec2a29a019767c55c5281fc]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 pppd/plugins/Makefile.linux |   2 +-
 pppd/plugins/Makefile.sol2  |   6 --
 pppd/plugins/passprompt.c   | 119 ------------------------------------
 3 files changed, 1 insertion(+), 126 deletions(-)
 delete mode 100644 pppd/plugins/passprompt.c

diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index 6403e3d..fcc36e4 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -17,7 +17,7 @@ CFLAGS += -DUSE_EAPTLS=1
 SUBDIRS := pppoe pppoatm pppol2tp
 # Uncomment the next line to include the radius authentication plugin
 SUBDIRS += radius
-PLUGINS := minconn.so passprompt.so passwordfd.so winbind.so
+PLUGINS := minconn.so passwordfd.so winbind.so
 
 # This setting should match the one in ../Makefile.linux
 MPPE=y
diff --git a/pppd/plugins/Makefile.sol2 b/pppd/plugins/Makefile.sol2
index bc7d85d..f77ea1d 100644
--- a/pppd/plugins/Makefile.sol2
+++ b/pppd/plugins/Makefile.sol2
@@ -17,11 +17,5 @@ minconn.so: minconn.o
 minconn.o: minconn.c
 	$(CC) $(CFLAGS) -c $? 
 
-passprompt.so: passprompt.o
-	ld -o $@ $(LDFLAGS) -h $@ passprompt.o
-
-passprompt.o: passprompt.c
-	$(CC) $(CFLAGS) -c $?
-
 clean:
 	rm -f *.o *.so
diff --git a/pppd/plugins/passprompt.c b/pppd/plugins/passprompt.c
deleted file mode 100644
index 7779d51..0000000
--- a/pppd/plugins/passprompt.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * passprompt.c - pppd plugin to invoke an external PAP password prompter
- *
- * Copyright 1999 Paul Mackerras, Alan Curry.
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version
- *  2 of the License, or (at your option) any later version.
- */
-#include <errno.h>
-#include <unistd.h>
-#include <sys/wait.h>
-#include <syslog.h>
-#include "pppd.h"
-
-char pppd_version[] = VERSION;
-
-static char promptprog[PATH_MAX+1];
-static int promptprog_refused = 0;
-
-static option_t options[] = {
-    { "promptprog", o_string, promptprog,
-      "External PAP password prompting program",
-      OPT_STATIC, NULL, PATH_MAX },
-    { NULL }
-};
-
-static int promptpass(char *user, char *passwd)
-{
-    int p[2];
-    pid_t kid;
-    int readgood, wstat;
-    ssize_t red;
-
-    if (promptprog_refused || promptprog[0] == 0 || access(promptprog, X_OK) < 0)
-	return -1;	/* sorry, can't help */
-
-    if (!passwd)
-	return 1;
-
-    if (pipe(p)) {
-	warn("Can't make a pipe for %s", promptprog);
-	return 0;
-    }
-    if ((kid = fork()) == (pid_t) -1) {
-	warn("Can't fork to run %s", promptprog);
-	close(p[0]);
-	close(p[1]);
-	return 0;
-    }
-    if (!kid) {
-	/* we are the child, exec the program */
-	char *argv[5], fdstr[32];
-	sys_close();
-	closelog();
-	close(p[0]);
-	seteuid(getuid());
-	setegid(getgid());
-	argv[0] = promptprog;
-	argv[1] = user;
-	argv[2] = remote_name;
-	sprintf(fdstr, "%d", p[1]);
-	argv[3] = fdstr;
-	argv[4] = 0;
-	execv(*argv, argv);
-	_exit(127);
-    }
-
-    /* we are the parent, read the password from the pipe */
-    close(p[1]);
-    readgood = 0;
-    do {
-	red = read(p[0], passwd + readgood, MAXSECRETLEN-1 - readgood);
-	if (red == 0)
-	    break;
-	if (red < 0) {
-	    if (errno == EINTR && !got_sigterm)
-		continue;
-	    error("Can't read secret from %s: %m", promptprog);
-	    readgood = -1;
-	    break;
-	}
-	readgood += red;
-    } while (readgood < MAXSECRETLEN - 1);
-    close(p[0]);
-
-    /* now wait for child to exit */
-    while (waitpid(kid, &wstat, 0) < 0) {
-	if (errno != EINTR || got_sigterm) {
-	    warn("error waiting for %s: %m", promptprog);
-	    break;
-	}
-    }
-
-    if (readgood < 0)
-	return 0;
-    passwd[readgood] = 0;
-    if (!WIFEXITED(wstat))
-	warn("%s terminated abnormally", promptprog);
-    if (WEXITSTATUS(wstat)) {
-	    warn("%s exited with code %d", promptprog, WEXITSTATUS(wstat));
-	    /* code when cancel was hit in the prompt prog */
-	    if (WEXITSTATUS(wstat) == 128) {
-	        promptprog_refused = 1;
-	    }
-	    return -1;
-    }
-    return 1;
-}
-
-void plugin_init(void)
-{
-    add_options(options);
-    pap_passwd_hook = promptpass;
-#ifdef USE_EAPTLS
-    eaptls_passwd_hook = promptpass;
-#endif
-}