diff options
| author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2024-01-13 23:58:15 +0100 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-14 15:07:56 +0000 |
| commit | 4130bc323f9ce99a97aa4566e170725415556060 (patch) | |
| tree | 96c34a47888cf480c146a48e8f4409b969a28fb4 /modules | |
| parent | 539816e4a0a277dbb632412be91e482fff9d9d09 (diff) | |
| download | pam-4130bc323f9ce99a97aa4566e170725415556060.tar.gz pam-4130bc323f9ce99a97aa4566e170725415556060.tar.bz2 pam-4130bc323f9ce99a97aa4566e170725415556060.zip | |
pam_succeed_if: allow very long field values
Fields are currently written to stack buffer, even if they already
exist in heap. Just reference them in this case. If numbers have to be
stored as a string, use a stack buffer sufficiently large for the
long long conversion (64 bit).
Also adjust the "left != buf" check to allow this change. It is simply
the else-statement to previous if-else-if-block, because in every other
case left is set to buf.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.c | 39 |
1 files changed, 16 insertions, 23 deletions
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 1857eb96..522fc5cf 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -292,7 +292,7 @@ evaluate(pam_handle_t *pamh, int debug, const char *left, const char *qual, const char *right, struct passwd **pwd, const char *user) { - char buf[LINE_MAX] = ""; + char numstr[sizeof(long) * 3 + 1] = ""; const char *attribute = left; /* Get information about the user if needed. */ if ((*pwd == NULL) && @@ -311,54 +311,47 @@ evaluate(pam_handle_t *pamh, int debug, if ((strcasecmp(left, "login") == 0) || (strcasecmp(left, "name") == 0) || (strcasecmp(left, "user") == 0)) { - snprintf(buf, sizeof(buf), "%s", user); - left = buf; + left = user; } else if (strcasecmp(left, "uid") == 0) { - snprintf(buf, sizeof(buf), "%lu", (unsigned long) (*pwd)->pw_uid); - left = buf; + snprintf(numstr, sizeof(numstr), "%lu", + (unsigned long) (*pwd)->pw_uid); + left = numstr; } else if (strcasecmp(left, "gid") == 0) { - snprintf(buf, sizeof(buf), "%lu", (unsigned long) (*pwd)->pw_gid); - left = buf; + snprintf(numstr, sizeof(numstr), "%lu", + (unsigned long) (*pwd)->pw_gid); + left = numstr; } else if (strcasecmp(left, "shell") == 0) { - snprintf(buf, sizeof(buf), "%s", (*pwd)->pw_shell); - left = buf; + left = (*pwd)->pw_shell; } else if ((strcasecmp(left, "home") == 0) || (strcasecmp(left, "dir") == 0) || (strcasecmp(left, "homedir") == 0)) { - snprintf(buf, sizeof(buf), "%s", (*pwd)->pw_dir); - left = buf; + left = (*pwd)->pw_dir; } else if (strcasecmp(left, "service") == 0) { const void *svc; if (pam_get_item(pamh, PAM_SERVICE, &svc) != PAM_SUCCESS || svc == NULL) svc = ""; - snprintf(buf, sizeof(buf), "%s", (const char *)svc); - left = buf; + left = (const char *)svc; } else if (strcasecmp(left, "ruser") == 0) { const void *ruser; if (pam_get_item(pamh, PAM_RUSER, &ruser) != PAM_SUCCESS || ruser == NULL) ruser = ""; - snprintf(buf, sizeof(buf), "%s", (const char *)ruser); - left = buf; - user = buf; + left = (const char *)ruser; } else if (strcasecmp(left, "rhost") == 0) { const void *rhost; if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS || rhost == NULL) rhost = ""; - snprintf(buf, sizeof(buf), "%s", (const char *)rhost); - left = buf; + left = (const char *)rhost; } else if (strcasecmp(left, "tty") == 0) { const void *tty; if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS || tty == NULL) tty = ""; - snprintf(buf, sizeof(buf), "%s", (const char *)tty); - left = buf; - } - /* If we have no idea what's going on, return an error. */ - if (left != buf) { + left = (const char *)tty; + } else { + /* If we have no idea what's going on, return an error. */ pam_syslog(pamh, LOG_ERR, "unknown attribute \"%s\"", left); return PAM_SERVICE_ERR; } |