diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | modules/pam_env/pam_env.c | 5 |
2 files changed, 11 insertions, 1 deletions
@@ -1,3 +1,10 @@ +2011-10-14 Kees Cook <kees@debian.org> + + * modules/pam_env/pam_env.c (_assemble_line): Correctly count leading + whitespace. + Fixes CVE-2011-3148. + Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469 + 2011-10-10 Tomas Mraz <tm@t8m.info> * modules/pam_access/pam_access.c: Add hostname resolution diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 1ec01ca5..b7cd387f 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -290,6 +290,7 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len) char *p = buffer; char *s, *os; int used = 0; + int whitespace; /* loop broken with a 'break' when a non-'\\n' ended line is read */ @@ -312,8 +313,10 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len) /* skip leading spaces --- line may be blank */ - s = p + strspn(p, " \n\t"); + whitespace = strspn(p, " \n\t"); + s = p + whitespace; if (*s && (*s != '#')) { + used += whitespace; os = s; /* |