author | Florian Best <best@univention.de> | 2019-06-26 13:49:23 +0200 |
committer | Tomáš Mráz <t8m@users.noreply.github.com> | 2019-06-27 18:23:16 +0200 |
commit | 65816326c285c5d5eec51766e1de329f177c28f7 (patch) | |
tree | bc5b59f3d03aad32a8d6573ef2e3139f9f53cb7b /modules/pam_unix/support.c | |
parent | b49488bc884454323553bb95b01a7765312fb515 (diff) | |
Trim password at PAM_MAX_RESP_SIZE chars
Issue #118: Protect against Denial of Service attacks.
To prevent hash generation via crypt() for very long passwords, the
password is now truncated to 512 characters. This matches the behavior
of unix_chkpwd.
Diffstat (limited to 'modules/pam_unix/support.c')
-rw-r--r-- | modules/pam_unix/support.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 75851508..e5415f59 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -646,6 +646,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 struct passwd *pwd = NULL;
 char *salt = NULL;
 char *data_name;
+ char pw[MAX_PASS + 1];
 int retval;
@@ -672,6 +673,11 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 strcpy(data_name + sizeof(FAIL_PREFIX) - 1, name);
 }
+ if (p != NULL && strlen(p) > MAX_PASS) {
+ memset(pw, 0, sizeof(pw));
+ p = strncpy(pw, p, sizeof(pw) - 1);
+ }
+
 if (retval != PAM_SUCCESS) {
 if (retval == PAM_UNIX_RUN_HELPER) {
 D(("running helper binary"));
@@ -781,6 +787,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 }
 cleanup:
+ memset(pw, 0, sizeof(pw)); /* clear memory of the password */
 if (data_name)
 _pam_delete(data_name);
 if (salt) |
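Review bot: The `memset(pw, 0, sizeof(pw))` added at `cleanup:` in the third hunk is a store to a local that is never read afterwards, so an optimizing compiler is free to drop it and the truncated password copy may remain on the stack after return; where the toolchain offers it, `explicit_bzero(pw, sizeof(pw));` (or whatever overwrite helper the project already uses for secrets) keeps the wipe from being elided. The truncation in the second hunk is NUL-terminated only because `pw` is zeroed before `strncpy` copies `sizeof(pw) - 1` bytes, which is worth saying next to the call since `strncpy` alone does not guarantee termination, e.g. `/* pw is zero-filled above, so the MAX_PASS-byte copy stays NUL-terminated */`. It also appears that `p` now points into the local `pw` for overlong inputs, so any use of `p` after the cleanup wipe would read zeros; if that is the intent, a comment on the reassignment would make it explicit. `_unix_verify_password` begins and ends outside these hunks.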