Relevant BUGIDs: 484252

Purpose of commit: bugfix Commit summary: --------------- pam_userdb was not paying close enough attention to password comparisons. Bug report and fix from Vladimir Pastukhov.
author: Andrew G. Morgan <morgan@kernel.org> 2001-11-26 03:27:40 +0000
committer: Andrew G. Morgan <morgan@kernel.org> 2001-11-26 03:27:40 +0000
commit: 820ef4f92f20eed02bee458cff35da22662a4631 (patch)
tree: 0bba271ee243a5b86d25629665cbe7dc706f401e /modules/pam_userdb/pam_userdb.c
parent: 6d8f508fe9bed97a12d8f2a8dd01a413d7a60560 (diff)
download: pam-820ef4f92f20eed02bee458cff35da22662a4631.tar.gz
pam-820ef4f92f20eed02bee458cff35da22662a4631.tar.bz2
pam-820ef4f92f20eed02bee458cff35da22662a4631.zip
1 files changed, 8 insertions, 5 deletions
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index 8eb486cb..519ee898 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -138,11 +138,14 @@ static int user_lookup(const char *user, const char *pass)
 
     if (data.dptr != NULL) {
 	int compare = 0;
-	/* bingo, got it */
-	if (ctrl & PAM_ICASE_ARG)
-	    compare = strncasecmp(pass, data.dptr, data.dsize);
-	else
-	    compare = strncmp(pass, data.dptr, data.dsize);
+	
+	if (strlen(pass) != data.dsize) {
+	    compare = 1;
+	} else if (ctrl & PAM_ICASE_ARG) {
+	    compare = strncasecmp(data.dptr, pass, data.dsize);
+	} else {
+	    compare = strncmp(data.dptr, pass, data.dsize);
+	}
 	dbm_close(dbm);
 	if (compare == 0)
 	    return 0; /* match */
author	Andrew G. Morgan <morgan@kernel.org>	2001-11-26 03:27:40 +0000
committer	Andrew G. Morgan <morgan@kernel.org>	2001-11-26 03:27:40 +0000
commit	820ef4f92f20eed02bee458cff35da22662a4631 (patch)
tree	0bba271ee243a5b86d25629665cbe7dc706f401e /modules/pam_userdb/pam_userdb.c
parent	6d8f508fe9bed97a12d8f2a8dd01a413d7a60560 (diff)
download	pam-820ef4f92f20eed02bee458cff35da22662a4631.tar.gz pam-820ef4f92f20eed02bee458cff35da22662a4631.tar.bz2 pam-820ef4f92f20eed02bee458cff35da22662a4631.zip