|
 |
7f16b85 |
From 1329c68b19daa6d5793dd672db73ebe85465eea9 Mon Sep 17 00:00:00 2001
|
|
|
7f16b85 |
From: Paul Wouters <pwouters@redhat.com>
|
|
|
7f16b85 |
Date: Wed, 11 Apr 2012 21:13:14 +0200
|
|
|
7f16b85 |
Subject: [PATCH] Check for crypt() failure returning NULL.
|
|
|
7f16b85 |
|
|
|
7f16b85 |
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Adjust syslog message.
|
|
|
7f16b85 |
* modules/pam_unix/passverify.c (create_password_hash): Check for crypt()
|
|
|
7f16b85 |
returning NULL.
|
|
|
7f16b85 |
---
|
|
|
7f16b85 |
modules/pam_unix/pam_unix_passwd.c | 2 +-
|
|
|
7f16b85 |
modules/pam_unix/passverify.c | 6 ++++--
|
|
|
7f16b85 |
2 files changed, 5 insertions(+), 3 deletions(-)
|
|
|
7f16b85 |
|
|
|
7f16b85 |
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
|
|
|
7f16b85 |
index e9059d3..9e1302d 100644
|
|
|
7f16b85 |
--- a/modules/pam_unix/pam_unix_passwd.c
|
|
|
7f16b85 |
+++ b/modules/pam_unix/pam_unix_passwd.c
|
|
|
7f16b85 |
@@ -800,7 +800,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
|
|
|
7f16b85 |
tpass = create_password_hash(pamh, pass_new, ctrl, rounds);
|
|
|
7f16b85 |
if (tpass == NULL) {
|
|
|
7f16b85 |
pam_syslog(pamh, LOG_CRIT,
|
|
|
7f16b85 |
- "out of memory for password");
|
|
|
7f16b85 |
+ "crypt() failure or out of memory for password");
|
|
|
7f16b85 |
pass_new = pass_old = NULL; /* tidy up */
|
|
|
7f16b85 |
unlock_pwdf();
|
|
|
7f16b85 |
return PAM_BUF_ERR;
|
|
|
7f16b85 |
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
|
|
|
7f16b85 |
index 5289955..4840bb2 100644
|
|
|
7f16b85 |
--- a/modules/pam_unix/passverify.c
|
|
|
7f16b85 |
+++ b/modules/pam_unix/passverify.c
|
|
|
7f16b85 |
@@ -424,7 +424,7 @@ PAMH_ARG_DECL(char * create_password_hash,
|
|
|
7f16b85 |
}
|
|
|
7f16b85 |
#endif
|
|
|
7f16b85 |
sp = crypt(password, salt);
|
|
|
7f16b85 |
- if (strncmp(algoid, sp, strlen(algoid)) != 0) {
|
|
|
7f16b85 |
+ if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
|
|
|
7f16b85 |
/* libxcrypt/libc doesn't know the algorithm, use MD5 */
|
|
|
7f16b85 |
pam_syslog(pamh, LOG_ERR,
|
|
|
7f16b85 |
"Algo %s not supported by the crypto backend, "
|
|
|
7f16b85 |
@@ -432,7 +432,9 @@ PAMH_ARG_DECL(char * create_password_hash,
|
|
|
7f16b85 |
on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
|
|
|
7f16b85 |
on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
|
|
|
7f16b85 |
on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
|
|
|
7f16b85 |
- memset(sp, '\0', strlen(sp));
|
|
|
7f16b85 |
+ if(sp) {
|
|
|
7f16b85 |
+ memset(sp, '\0', strlen(sp));
|
|
|
7f16b85 |
+ }
|
|
|
7f16b85 |
return crypt_md5_wrapper(password);
|
|
|
7f16b85 |
}
|
|
|
7f16b85 |
|
|
|
7f16b85 |
--
|
|
|
7f16b85 |
1.7.7.6
|
|
|
7f16b85 |
|