diff options
| author | Dmitry V. Levin <ldv@altlinux.org> | 2008-02-18 13:37:46 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@altlinux.org> | 2008-02-18 13:37:46 +0000 |
| commit | c7daf2606c535ebb2cd14b6e9aaba3c5894222e2 (patch) | |
| tree | 257ed64806c66762a33c1d46f6e77628180cf4d3 /libpam/pam_handlers.c | |
| parent | f2b7f432bc20a90b836c6c2d2dba53979296ccc0 (diff) | |
| download | pam-c7daf2606c535ebb2cd14b6e9aaba3c5894222e2.tar.gz pam-c7daf2606c535ebb2cd14b6e9aaba3c5894222e2.tar.bz2 pam-c7daf2606c535ebb2cd14b6e9aaba3c5894222e2.zip | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2008-02-18 Dmitry V. Levin <ldv@altlinux.org>
* libpam/pam_handlers.c (_pam_assemble_line): Fix potential
buffer overflow.
* xtests/tst-pam_assemble_line.pamd: New test for
_pam_assemble_line.
* xtests/tst-pam_assemble_line.sh: New script for
tst-pam_assemble_line.
* xtests/Makefile.am (NOSRCTESTS): Add tst-pam_assemble_line.
Diffstat (limited to 'libpam/pam_handlers.c')
| -rw-r--r-- | libpam/pam_handlers.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c index 11508145..848c4fa5 100644 --- a/libpam/pam_handlers.c +++ b/libpam/pam_handlers.c @@ -511,6 +511,7 @@ int _pam_init_handlers(pam_handle_t *pamh) static int _pam_assemble_line(FILE *f, char *buffer, int buf_len) { char *p = buffer; + char *endp = buffer + buf_len; char *s, *os; int used = 0; @@ -518,12 +519,12 @@ static int _pam_assemble_line(FILE *f, char *buffer, int buf_len) D(("called.")); for (;;) { - if (used >= buf_len) { + if (p >= endp) { /* Overflow */ D(("_pam_assemble_line: overflow")); return -1; } - if (fgets(p, buf_len - used, f) == NULL) { + if (fgets(p, endp - p, f) == NULL) { if (used) { /* Incomplete read */ return -1; |