author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2023-11-11 20:42:56 +0100 |
---|---|---|
committer | Dmitry V. Levin <github.dl@altlinux.org> | 2023-11-13 10:11:35 +0000 |
commit | 32e4039784ba32a54406688b5bb71d3069381648 (patch) | |
tree | a8fbf39631ba7fefb3f406b0bc8130779d7b8ffd | |
parent | c8a2829b3b4c50b25c00f2b0a739cf330dad99a2 (diff) | |
pam_securetty: protect against invalid input files
If fgets encounters a file with a \0 at the beginning of a line, then
strlen()-1 would turn negative. Check if line has at least one
character in it.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-rw-r--r-- | modules/pam_securetty/pam_securetty.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index 837c871b..e51b0062 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -158,8 +158,10 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
 while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL) && retval) {
- if (ttyfileline[strlen(ttyfileline) - 1] == '\n')
- ttyfileline[strlen(ttyfileline) - 1] = '\0';
+ size_t len;
+ len = strlen(ttyfileline);
+ if (len > 0 && ttyfileline[len - 1] == '\n')
+ ttyfileline[len - 1] = '\0';
 retval = ( strcmp(ttyfileline, uttyname) && (!ptname[0] || strcmp(ptname, uttyname)) );
@@ -211,9 +213,12 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
 fclose(consoleactivefile);
 if (p) {
+ size_t len;
+
 /* remove the newline character at end */
- if (line[strlen(line)-1] == '\n')
- line[strlen(line)-1] = 0;
+ len = strlen(line);
+ if (len && line[len-1] == '\n')
+ line[len-1] = 0;
 for (n = p; n != NULL; p = n+1) {
 if ((n = strchr(p, ' ')) != NULL) |
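Review bot: A line longer than the buffer is still read in pieces by `fgets`, and the new `len > 0 && ttyfileline[len - 1] == '\n'` test treats a piece without a newline as a complete entry, so the tail of an over-long line is compared against `uttyname` as if it were a line of its own. Because a match ends the loop and presumably marks the tty as listed, over-long lines are better discarded whole than compared fragment by fragment. The sketch below assumes `ttyfileline` is an array (the `sizeof(ttyfileline)-1` argument suggests so, but its declaration is outside the hunk) and fails closed: a final line that exactly fills the buffer with no newline is skipped as well. The rest of `securetty_perform_check`, including the end of the loop, is outside the hunk.

```c
	len = strlen(ttyfileline);
	if (len > 0 && ttyfileline[len - 1] == '\n') {
	    ttyfileline[len - 1] = '\0';
	} else if (len == sizeof(ttyfileline) - 2) {
	    /* buffer filled without a newline: too long to be a tty name,
	     * so drop the rest of the line and never compare the pieces */
	    int c;

	    do {
		c = fgetc(ttyfile);
	    } while (c != EOF && c != '\n');
	    continue;
	}
	/* ... unchanged: retval = strcmp(...) comparison ... */
```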
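Review bot: The guard in the second hunk is spelled `len && line[len-1] == '\n'` with `= 0`, while the same fix in the first hunk uses `len > 0` and `'\0'`; one spelling at both sites, e.g. `if (len > 0 && line[len-1] == '\n')` and `line[len-1] = '\0';`, makes it obvious that they perform the same check. The existing comment could also record why the length is tested, for example `/* remove the newline character at end; len is 0 if the line starts with a NUL byte */`. The `if (p)` block and its `for` loop continue past the end of the hunk.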