diff options
| author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2024-01-02 20:46:54 +0100 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-03 17:16:02 +0000 |
| commit | 8f2ca5919b26843ef774ef0aeb9bf261dec943a0 (patch) | |
| tree | 4f5889eb2617a0d966a84d34eaa6a567358fc2d2 /modules/pam_unix/support.c | |
| parent | 4b5eea2e5e76a945b388aca62e8d4b7e7043ba29 (diff) | |
| download | pam-8f2ca5919b26843ef774ef0aeb9bf261dec943a0.tar.gz pam-8f2ca5919b26843ef774ef0aeb9bf261dec943a0.tar.bz2 pam-8f2ca5919b26843ef774ef0aeb9bf261dec943a0.zip | |
pam_unix: avoid reading uninitialized variable
The function _unix_comesfromsource calls _unix_getpwnam internally.
When changing the authentication token, it is first called to read
local passwd file and optionally contacting NIS. If an entry is
found, _unix_getpwnam is called, this time definitely reading passwd
file and contacting NIS (if support exists) and parsing the entry.
This is meant to check if the entry is not just available but also
valid.
Since the return value of _unix_getpwnam is not checked and the
supplied pointer is only set in case of success, the check for a
NULl pointer afterwards can lead to undefined behavior.
It is easier to call _unix_getpwnam directly, check its return value
and then check if the entry could be parsed. This in turn reduces the
amount of /etc/passwd accesses (and fixes a theoretical TOCTOU race).
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Diffstat (limited to 'modules/pam_unix/support.c')
0 files changed, 0 insertions, 0 deletions