path: root/libpam/pam_modutil_sanitize.c
author: Tobias Stoeckmann <tobias@stoeckmann.org> 2023-10-12 21:59:15 +0200
committer: Tobias Stoeckmann <tobias@stoeckmann.org> 2023-10-13 06:54:39 +0200
commit: da484d7243a18c5b3a572274d08c9f8f1b7f7b1d
tree: 7bdb76a26654eb37b2172f2e16b42ece686d7745 /libpam/pam_modutil_sanitize.c
parent: 80dc2d410595b5193d32f965185710df27f3984e
pam_env: fix handling of huge strings

pam_putenv and pam_getenv do not properly handle strings which are longer than 2 GB (INT_MAX). In pam_putenv the l2eq variable could overflow and turn negative, leading to out of boundary access (after the fact that signed integer overflow is undefined behavior). In pam_getenv a very long string could lead to a small int value so other environment variables could match. The easiest fix for both is to use size_t.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Diffstat (limited to 'libpam/pam_modutil_sanitize.c')
0 files changed, 0 insertions, 0 deletions
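
The pam_getenv case from the commit message, as an added example that is not code from Linux-PAM: a lookup that keeps the name length in an `int` matches an unrelated variable, while the same lookup with `size_t` does not. The names `find_var_int`, `find_var_size`, `sample_env` and `HUGE_NAME_LEN` are hypothetical; the code assumes a 64-bit `size_t` and a compiler that wraps the out-of-range conversion to `int` modulo 2^32 (as GCC and Clang do).

```c
#include <stddef.h>
#include <string.h>

_Static_assert(sizeof(size_t) >= 8, "demo assumes a 64-bit size_t");

/* Constructed sample environment in "NAME=value" form. */
static const char *const sample_env[] = { "HOME=/root", "PATH=/usr/bin", NULL };

/* Constructed length: what strlen() would return for a name that starts
 * with "HOME" and is 4 GiB + 4 bytes long. Passing it explicitly avoids
 * allocating such a string; the buffer handed in is the short stand-in "HOME". */
#define HUGE_NAME_LEN ((((size_t)1) << 32) + 4)

/* Hypothetical lookup that keeps the name length in an int. */
static int find_var_int(const char *const *env, const char *name, size_t name_len)
{
    int len = (int)name_len;   /* narrowing: 2^32 + 4 becomes 4 on common ABIs */
    if (len < 0)
        return -1;             /* keep the demo in bounds for negative results */
    for (int i = 0; env[i] != NULL; i++)
        if (strncmp(name, env[i], (size_t)len) == 0 && env[i][len] == '=')
            return i;
    return -1;
}

/* Same lookup with the length kept as size_t. */
static int find_var_size(const char *const *env, const char *name, size_t name_len)
{
    /* strncmp stops at the stand-in's NUL, so the huge bound is never read. */
    for (int i = 0; env[i] != NULL; i++)
        if (strncmp(name, env[i], name_len) == 0 && env[i][name_len] == '=')
            return i;
    return -1;
}

int main(void)
{
    /* int length: the oversized name is treated as "HOME" and matches entry 0 */
    int a = find_var_int(sample_env, "HOME", HUGE_NAME_LEN);
    /* size_t length: the full length is compared, so nothing matches */
    int b = find_var_size(sample_env, "HOME", HUGE_NAME_LEN);
    return (a == 0 && b == -1) ? 0 : 1;
}
```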