-rw-r--r-- | modules/pam_nologin/pam_nologin.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c
index 90ae6d04..50575e1f 100644
--- a/modules/pam_nologin/pam_nologin.c
+++ b/modules/pam_nologin/pam_nologin.c
@@ -6,7 +6,9 @@
 #include "config.h"
+#include <limits.h>
 #include <stdio.h>
+#include <stdint.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <fcntl.h>
@@ -111,7 +113,13 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts)
 /* Don't print anything if the message is empty, will only disturb the output with empty lines */
 if (st.st_size > 0) {
- char *mtmp = malloc(st.st_size+1);
+ char *mtmp;
+ if ((uintmax_t)st.st_size > (uintmax_t)INT_MAX) {
+ pam_syslog(pamh, LOG_CRIT, "file too large");
+ retval = PAM_SYSTEM_ERR;
+ goto clean_up_fd;
+ }
+ mtmp = malloc(st.st_size+1);
 if (!mtmp) {
 pam_syslog(pamh, LOG_CRIT, "out of memory");
 retval = PAM_BUF_ERR; |
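Review bot: The `INT_MAX` limit in the new size check in perform_check is unexplained, and it still lets a message file of nearly 2 GiB be allocated on the login path before anything is shown. If the bound exists because the size is later passed to a call that takes an `int` (the read is outside the hunk, so this is inferred), a comment such as `/* size is narrowed to int below; reject anything that would not fit */` above the check would record that. The new log line `"file too large"` also gives an administrator nothing to act on; including the size, e.g. `pam_syslog(pamh, LOG_CRIT, "nologin file too large (%jd bytes)", (intmax_t)st.st_size);`, would help triage. perform_check starts and ends outside the hunk, so the `clean_up_fd` path and the resulting return value for root cannot be checked from here.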