author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2023-12-10 14:20:32 +0000 |
---|---|---|
committer | Tobias Stoeckmann <tobias@stoeckmann.org> | 2023-12-11 21:02:31 +0100 |
commit | b8429cc8036cd23d075174d13eedc6d857e2b454 (patch) | |
tree | 961a80706e4bfa229cfe0c9ec127b28da7fe4fe4 /modules/pam_unix/passverify.c | |
parent | bf9ebc84c091f9f2d018aac2f9c2c4c4933e319e (diff) | |
pam_unix: check str to integer conversions
Print an error in syslog if an integer could not be converted.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Diffstat (limited to 'modules/pam_unix/passverify.c')
-rw-r--r-- | modules/pam_unix/passverify.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 930c7d3c..98f997d5 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -5,6 +5,7 @@ #include <security/_pam_macros.h> #include <security/pam_modules.h> #include "support.h" +#include <limits.h> #include <stdio.h> #include <string.h> #include <sys/types.h> @@ -703,7 +704,8 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, while (fgets(buf, 16380, opwfile)) { if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) { - char *sptr = NULL; + char *ep, *sptr = NULL; + long value; found = 1; if (howmany == 0) continue; @@ -724,7 +726,11 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, continue; } s_pas = strtok_r(NULL, ":", &sptr); - npas = strtol(s_npas, NULL, 10) + 1; + value = strtol(s_npas, &ep, 10); + if (value < 0 || value >= INT_MAX || s_npas == ep || *ep != '\0') + npas = 0; + else + npas = (int)value + 1; while (npas > howmany && s_pas != NULL) { s_pas = strpbrk(s_pas, ","); if (s_pas != NULL) |
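Review bot: The failure branch `npas = 0;` in the third hunk discards a malformed or out-of-range count from the old-password entry without logging anything, although the commit description promises a syslog message for failed conversions. A count that no longer parses suggests the history file was corrupted or edited by hand, which an administrator would want to see; consider `pam_syslog(pamh, LOG_ERR, "invalid password count for %s", forwho);` before the assignment, provided pam_syslog is usable in every build of this file. A one-line comment explaining why 0 is the fallback would also help: with `npas = 0` the trimming loop below is skipped, and depending on how the entry is rewritten after the hunk, the stored count may then understate the number of retained hashes. The body of save_old_password starts and ends outside this hunk, so the rewrite path could not be checked here.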