diff options
| author | Egor Ignatov <egori@altlinux.org> | 2024-05-30 14:03:20 +0300 |
|---|---|---|
| committer | Egor Ignatov <egori@altlinux.org> | 2024-05-30 14:30:46 +0300 |
| commit | efa6e33b1da594f2a2c4c2c8871416a3d5011015 (patch) | |
| tree | 144b172fb626db81cecfa55a8add843e4dc1479b | |
| parent | 8562cb1b951e7bd807af6b43d85c71cedd7b10d7 (diff) | |
| download | pam-efa6e33b1da594f2a2c4c2c8871416a3d5011015.tar.gz pam-efa6e33b1da594f2a2c4c2c8871416a3d5011015.tar.bz2 pam-efa6e33b1da594f2a2c4c2c8871416a3d5011015.zip | |
pam_set_item: disallow setting service to NULL
This also prevents a possible segfault when pam_set_item tries to
convert an empty service_name to lower case.
| -rw-r--r-- | libpam/pam_item.c | 6 | ||||
| -rw-r--r-- | tests/tst-pam_set_item.c | 10 |
2 files changed, 16 insertions, 0 deletions
diff --git a/libpam/pam_item.c b/libpam/pam_item.c index ad736a4f..c3a5a3bd 100644 --- a/libpam/pam_item.c +++ b/libpam/pam_item.c @@ -38,6 +38,12 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) switch (item_type) { case PAM_SERVICE: + if (item == NULL) { + pam_syslog(pamh, LOG_ERR, + "pam_set_item: attempt to set service to NULL"); + retval = PAM_BAD_ITEM; + break; + } /* Setting handlers_loaded to 0 will cause the handlers * to be reloaded on the next call to a service module. */ diff --git a/tests/tst-pam_set_item.c b/tests/tst-pam_set_item.c index 3457b49c..607fbf28 100644 --- a/tests/tst-pam_set_item.c +++ b/tests/tst-pam_set_item.c @@ -144,6 +144,16 @@ main (void) } } + /* 5: try to set PAM_SERVICE to NULL */ + retval = pam_set_item (pamh, PAM_SERVICE, NULL); + if (retval != PAM_BAD_ITEM) + { + fprintf (stderr, + "pam_set_item (pamh, PAM_SERVICE, NULL) returned %d\n", + retval); + return 1; + } + pam_end (pamh, 0); return 0; |