diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2000-11-25 04:40:55 +0000 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2000-11-25 04:40:55 +0000 |
| commit | c5d2c9e20e5c6f42750c42397898ab0f1291544b (patch) | |
| tree | e69c0fc438d59b04a0cc6aebdcd70dea5220a4dc | |
| parent | 4ea47216da66274357b14d5d7488ccbde27d75c4 (diff) | |
| download | pam-c5d2c9e20e5c6f42750c42397898ab0f1291544b.tar.gz pam-c5d2c9e20e5c6f42750c42397898ab0f1291544b.tar.bz2 pam-c5d2c9e20e5c6f42750c42397898ab0f1291544b.zip | |
Relevant BUGIDs: 123399
Purpose of commit: bugfix
Commit summary:
---------------
avoid possibility of SIGPIPE from helper binary non-invocation or
early exit.
| -rw-r--r-- | CHANGELOG | 2 | ||||
| -rw-r--r-- | modules/pam_pwdb/support.-c | 3 | ||||
| -rw-r--r-- | modules/pam_unix/support.c | 2 |
3 files changed, 5 insertions, 2 deletions
@@ -35,6 +35,8 @@ Where you should replace XXXXX with a bug-id. 0.73: please submit patches for this section with actual code/doc patches! +* avoid potential SIGPIPE when writing to helper binaries with (Bug + 123399 - agmorgan) * replaced bogus logic in the pam_cracklib module for determining if the replacement is too similar to the old password (Bug 115055 - agmorgan) diff --git a/modules/pam_pwdb/support.-c b/modules/pam_pwdb/support.-c index 2cbcb576..d43e0554 100644 --- a/modules/pam_pwdb/support.-c +++ b/modules/pam_pwdb/support.-c @@ -378,13 +378,14 @@ static int pwdb_run_helper_binary(pam_handle_t *pamh, const char *passwd) exit(PWDB_SUCCESS+1); } else if (child > 0) { /* wait for child */ - close(fds[0]); if (passwd != NULL) { /* send the password to the child */ write(fds[1], passwd, strlen(passwd)+1); passwd = NULL; } else { write(fds[1], "", 1); /* blank password */ } + close(fds[0]); /* we close this after the write because we want + to avoid a possible SIGPIPE. */ close(fds[1]); (void) waitpid(child, &retval, 0); /* wait for helper to complete */ retval = (retval == PWDB_SUCCESS) ? PAM_SUCCESS:PAM_AUTH_ERR; diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 256e4999..a0f2c52d 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -398,7 +398,6 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsig exit(PAM_AUTHINFO_UNAVAIL); } else if (child > 0) { /* wait for child */ - close(fds[0]); /* if the stored password is NULL */ if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ write(fds[1], "nullok\0\0", 8); @@ -411,6 +410,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsig } else { write(fds[1], "", 1); /* blank password */ } + close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); (void) waitpid(child, &retval, 0); /* wait for helper to complete */ retval = (retval == 0) ? PAM_SUCCESS:PAM_AUTH_ERR; |