diff options
| author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2024-01-15 21:36:38 +0100 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-16 08:00:00 +0000 |
| commit | c25a858bb548b4eb881dabbf10aed4a08b11e973 (patch) | |
| tree | d9e2ac928576a61cae27ac478b8661ef6afa7ccf /modules/pam_unix/passverify.c | |
| parent | 7055a56794dd18f7a29e4064d7f227ac3e04709c (diff) | |
| download | pam-c25a858bb548b4eb881dabbf10aed4a08b11e973.tar.gz pam-c25a858bb548b4eb881dabbf10aed4a08b11e973.tar.bz2 pam-c25a858bb548b4eb881dabbf10aed4a08b11e973.zip | |
pam_unix: do not allow comma as a field separator
The opasswd file shall not use comma as a separator. Enforce colon just
like pam_pwhistory does as well.
A comma can be part of a user name, although its usage is discouraged.
If such a user exists, it could happen that stored passwords of another
user are checked.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Diffstat (limited to 'modules/pam_unix/passverify.c')
| -rw-r--r-- | modules/pam_unix/passverify.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 426d4028..5c4f862e 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -730,7 +730,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, } for (; getline(&buf, &bufsize, opwfile) != -1; pam_overwrite_n(buf, bufsize)) { - if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) { + if (!strncmp(buf, forwho, len) && strchr(":\n", buf[len]) != NULL) { char *ep, *sptr = NULL; long value; found = 1; @@ -752,7 +752,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, found = 0; continue; } - s_pas = strtok_r(NULL, ":", &sptr); + s_pas = strtok_r(NULL, "", &sptr); value = strtol(s_npas, &ep, 10); if (value < 0 || value >= INT_MAX || s_npas == ep || *ep != '\0') npas = 0; |