pam_modutil_check_user_in_passwd: avoid timing attacks

* libpam/pam_modutil_check_user.c (pam_modutil_check_user_in_passwd): Do not exit the file reading loop when the user is found, continue reading the file to avoid timing attacks.
author: Dmitry V. Levin <ldv@altlinux.org> 2020-06-16 15:00:00 +0000
committer: Dmitry V. Levin <ldv@altlinux.org> 2020-06-16 15:00:00 +0000
commit: efd2a79c11982d0feebebbf740506c9555120b97 (patch)
tree: 18f08e784896ed904ed6a40fa5ef4aada8539f54 /libpam/pam_modutil_check_user.c
parent: 0adbaeb273da1d45213134aa271e95987103281c (diff)
download: pam-efd2a79c11982d0feebebbf740506c9555120b97.tar.gz
pam-efd2a79c11982d0feebebbf740506c9555120b97.tar.bz2
pam-efd2a79c11982d0feebebbf740506c9555120b97.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/libpam/pam_modutil_check_user.c b/libpam/pam_modutil_check_user.c
index 898b13a9..cf1bd1b5 100644
--- a/libpam/pam_modutil_check_user.c
+++ b/libpam/pam_modutil_check_user.c
@@ -60,7 +60,9 @@ pam_modutil_check_user_in_passwd(pam_handle_t *pamh,
 		if (strncmp(user_name, line, user_len) == 0 &&
 		    line[user_len] == ':') {
 			rc = PAM_SUCCESS;
-			break;
+			/*
+			 * Continue reading the file to avoid timing attacks.
+			 */
 		}
 		/* Has a newline been read?  */
 		line_len = strlen(line);
author	Dmitry V. Levin <ldv@altlinux.org>	2020-06-16 15:00:00 +0000
committer	Dmitry V. Levin <ldv@altlinux.org>	2020-06-16 15:00:00 +0000
commit	efd2a79c11982d0feebebbf740506c9555120b97 (patch)
tree	18f08e784896ed904ed6a40fa5ef4aada8539f54 /libpam/pam_modutil_check_user.c
parent	0adbaeb273da1d45213134aa271e95987103281c (diff)
download	pam-efd2a79c11982d0feebebbf740506c9555120b97.tar.gz pam-efd2a79c11982d0feebebbf740506c9555120b97.tar.bz2 pam-efd2a79c11982d0feebebbf740506c9555120b97.zip