diff options
| author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2023-11-11 19:50:50 +0100 |
|---|---|---|
| committer | Dmitry V. Levin <github.dl@altlinux.org> | 2023-11-13 10:11:35 +0000 |
| commit | c8a2829b3b4c50b25c00f2b0a739cf330dad99a2 (patch) | |
| tree | bca78123704a6d2e68e64d1d41e0e07b19f76775 | |
| parent | bcf20a531ca112e4c5fef77d57ed8eef56a05101 (diff) | |
| download | pam-c8a2829b3b4c50b25c00f2b0a739cf330dad99a2.tar.gz pam-c8a2829b3b4c50b25c00f2b0a739cf330dad99a2.tar.bz2 pam-c8a2829b3b4c50b25c00f2b0a739cf330dad99a2.zip | |
pam_exec: fix stack overflow on \0 output
If an executed program prints \0 at the beginning of a line, then
pam_exec triggers an out of boundary read (and possible) write on
the stack.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
| -rw-r--r-- | modules/pam_exec/pam_exec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 9d2145dc..41f6c589 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -274,7 +274,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { size_t len; len = strlen(buf); - if (buf[len-1] == '\n') + if (len > 0 && buf[len-1] == '\n') buf[len-1] = '\0'; pam_info(pamh, "%s", buf); } |