Relevant BUGIDs: 484252

Purpose of commit: bugfix Commit summary: --------------- pam_userdb was not paying close enough attention to password comparisons. Bug report and fix from Vladimir Pastukhov.
2024-11-24 10:22:47 +08:00 · 2001-11-26 03:27:40 +00:00 · 2001-11-26 03:27:40 +00:00 · 820ef4f92f
commit 820ef4f92f
parent 6d8f508fe9
2 changed files with 11 additions and 6 deletions
--- a/4
+++ b/4
@ -49,8 +49,10 @@ bug report - outstanding bugs are listed here:
 0.76: please submit patches for this section with actual code/doc
      patches!

+* pam_userdb: require that all of typed password matches that in
+  database report and fix from Vladimir Pastukhov. (Bug 484252 - agmorgan)
 * pam_malloc: revived malloc debugging code, now tied to
-  --enable-memory-debug and added strdup() (Bug 485454 - agmorgan)
+  --enable-memory-debug and added strdup() support (Bug 485454 - agmorgan)
 * pam_tally: Nalin's fix for lastlog corruption (Bug 476985 - agmorgan)
 * pam_rhosts: Nalin adds support for '+hostname', and zdd fix
  compilation warning. (Bug 476986 - agmorgan)
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@ -138,11 +138,14 @@ static int user_lookup(const char *user, const char *pass)

    if (data.dptr != NULL) {
 	int compare = 0;
-	/* bingo, got it */
-	if (ctrl & PAM_ICASE_ARG)
-	    compare = strncasecmp(pass, data.dptr, data.dsize);
-	else
-	    compare = strncmp(pass, data.dptr, data.dsize);
+	
+	if (strlen(pass) != data.dsize) {
+	    compare = 1;
+	} else if (ctrl & PAM_ICASE_ARG) {
+	    compare = strncasecmp(data.dptr, pass, data.dsize);
+	} else {
+	    compare = strncmp(data.dptr, pass, data.dsize);
+	}
 	dbm_close(dbm);
 	if (compare == 0)
 	    return 0; /* match */