mirrors/linux-pam
0
0
Fork 0
mirror of https://github.com/linux-pam/linux-pam.git synced 2024-11-23 17:53:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

pam_localuser: reject user names that are too long

Browse Source 
Too long user names used to be truncated which could potentially result
to false match and, consequently, to incorrect PAM_SUCCESS return value.

* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return
PAM_SERVICE_ERR if the user name is too long.
This commit is contained in:
Dmitry V. Levin 2020-05-01 21:44:59 +00:00
parent bd3cdf24ee
commit e35c10e968
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/pam_localuser/pam_localuser.c
View File

@ -106,6 +106,12 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
return PAM_SYSTEM_ERR;
}
if (strlen(user) > sizeof(name) - sizeof(":")) {
pam_syslog (pamh, LOG_ERR, "user name too long");
fclose(fp);
return PAM_SERVICE_ERR;
}
if (strchr(user, ':') != NULL) {
/*
* "root:x" is not a local user name even if the passwd file