author | Tomas Mraz <tmraz@fedoraproject.org> | 2020-11-20 13:38:23 +0100 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-11-20 14:50:36 +0100 |
commit | 30fdfb90d9864bcc254a62760aaa149d373fd4eb (patch) | |
tree | 55ebb7ea998be440e6077e63dd2e0f29ad73270a /NEWS | |
parent | e50eb5042c6ab3f8fc4da8ac16d327c7deb8247f (diff) | |
download | pam-30fdfb90d9864bcc254a62760aaa149d373fd4eb.tar.gz pam-30fdfb90d9864bcc254a62760aaa149d373fd4eb.tar.bz2 pam-30fdfb90d9864bcc254a62760aaa149d373fd4eb.zip |

Second blank check with root for non-existent users must never return 1

The commit af0faf66 ("pam_unix: avoid determining if user exists") introduced
a regression where the blank check could return 1 if root had an empty
password hash because in the second case the password hash of root was
used. We now always return 0 in this case.

The issue was found by Johannes Löthberg.

Fixes #284

* modules/pam_unix/support.c (_unix_blankpasswd): Make the loop
to cover the complete blank check so both existing and non existing
cases are identical except for the possible return value.

Diffstat (limited to 'NEWS')
0 files changed, 0 insertions, 0 deletions