mirrors/linux-pam
0
0
Fork 0
mirror of https://github.com/linux-pam/linux-pam.git synced 2024-11-24 02:03:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Relevant BUGIDs: 116076

Browse Source 
Purpose of commit: bugfix

Commit summary:
---------------
Added pam_time/pam_group fixes for infinite loop when reading
'\\[^\n]' in their config files and also added support for '/'.
The latter makes both of these modules support modern tty handling.
This commit is contained in:
Andrew G. Morgan 2000-11-26 07:32:39 +00:00
parent c5d2c9e20e
commit 6b6fbdbcf1
4 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@ -35,6 +35,9 @@ Where you should replace XXXXX with a bug-id.
0.73: please submit patches for this section with actual code/doc
patches!
* added support for '/' symbols in pam_time and pam_group config files
(support for modern terminal devices). Fixed infinite loop problem
with '\\[^\n]' in these files. (Bug 116076 - agmorgan)
* avoid potential SIGPIPE when writing to helper binaries with (Bug
123399 - agmorgan)
* replaced bogus logic in the pam_cracklib module for determining if

2
modules/pam_group/group.conf
View File

@ -10,7 +10,7 @@
# *** NOT inherently secure. If a user can create an executable that
# *** is setgid a group that they are infrequently given membership
# *** of, they can basically obtain group membership any time they
# *** like. Example: games are alowed between the hours of 6pm and 6am
# *** like. Example: games are allowed between the hours of 6pm and 6am
# *** user joe logs in at 7pm writes a small C-program toplay.c that
# *** invokes their favorite shell, compiles it and does
# *** "chgrp games toplay; chmod g+s toplay". They are basically able

4
modules/pam_group/pam_group.c
View File

@ -165,6 +165,8 @@ static int read_field(int fd, char **buf, int *from, int *to)
if ((*buf)[i+1] == '\n') {
shift_bytes(i + *buf, 2, *to - (i+2));
*to -= 2;
} else {
++i; /* we don't escape non-newline characters */
}
break;
case '!':
@ -245,7 +247,7 @@ static int logic_member(const char *string, int *at)
default:
if (isalpha(c) || c == '*' || isdigit(c) || c == '_'
|| c == '-' || c == '.') {
|| c == '-' || c == '.' || c == '/') {
token = 1;
} else if (token) {
--to;

4
modules/pam_time/pam_time.c
View File

@ -166,6 +166,8 @@ static int read_field(int fd, char **buf, int *from, int *to)
if ((*buf)[i+1] == '\n') {
shift_bytes(i + *buf, 2, *to - (i+2));
*to -= 2;
} else {
++i; /* we don't escape non-newline characters */
}
break;
case '!':
@ -247,7 +249,7 @@ static int logic_member(const char *string, int *at)
default:
if (isalpha(c) || c == '*' || isdigit(c) || c == '_'
|| c == '-' || c == '.') {
|| c == '-' || c == '.' || c == '/') {
token = 1;
} else if (token) {
--to;