diff options
| author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2023-12-04 22:33:19 +0100 |
|---|---|---|
| committer | Tobias Stoeckmann <tobias@stoeckmann.org> | 2023-12-04 22:42:38 +0100 |
| commit | 9082c6c2754b72b2146c6e6e3011b4920a491b3f (patch) | |
| tree | 0f5c9bdc8968ae07c1f7c52d0334967d82995447 /libpam | |
| parent | 54e411335f6ce59c5c4b2e7a4588a1ca655e1e70 (diff) | |
| download | pam-9082c6c2754b72b2146c6e6e3011b4920a491b3f.tar.gz pam-9082c6c2754b72b2146c6e6e3011b4920a491b3f.tar.bz2 pam-9082c6c2754b72b2146c6e6e3011b4920a491b3f.zip | |
libpam: check for INT_MAX limit in ioloop
The size arguments to pam_modutil_read and pam_modutil_write are of
type int. If a negative value is specified, fail with -1 instead of
returning 0, indicating "just" a short read or write.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Diffstat (limited to 'libpam')
| -rw-r--r-- | libpam/pam_modutil_ioloop.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/libpam/pam_modutil_ioloop.c b/libpam/pam_modutil_ioloop.c index 9b73ed75..72b58455 100644 --- a/libpam/pam_modutil_ioloop.c +++ b/libpam/pam_modutil_ioloop.c @@ -15,6 +15,11 @@ pam_modutil_read(int fd, char *buffer, int count) { int block, offset = 0; + if (count < 0) { + errno = EINVAL; + return -1; + } + while (count > 0) { block = read(fd, &buffer[offset], count); @@ -36,6 +41,11 @@ pam_modutil_write(int fd, const char *buffer, int count) { int block, offset = 0; + if (count < 0) { + errno = EINVAL; + return -1; + } + while (count > 0) { block = write(fd, &buffer[offset], count); |