diff options
| -rw-r--r-- | CHANGELOG | 2 | ||||
| -rw-r--r-- | libpam/pam_handlers.c | 18 |
2 files changed, 18 insertions, 2 deletions
@@ -77,6 +77,8 @@ BerliOS Bugs are marked with (BerliOS #XXXX). cached chain (Bug 629251 - t8m) * pam_nologin: don't overwrite return value with return from pam_get_item (t8m) +* libpam: Add more checks for broken PAM configuration files to + avoid seg.faults (kukuk) 0.78: Do Nov 18 14:48:36 CET 2004 diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c index 75519551..9d880ff1 100644 --- a/libpam/pam_handlers.c +++ b/libpam/pam_handlers.c @@ -113,7 +113,14 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f , this_service)); tok = _pam_StrTok(NULL, " \n\t", &nexttok); - if (!_pam_strCMP("auth", tok)) { + if (tok == NULL) { + /* module type does not exist */ + D(("_pam_init_handlers: empty module type for %s", this_service)); + _pam_system_log(LOG_ERR, "(%s) empty module type", this_service); + module_type = (requested_module_type != PAM_T_ANY) ? + requested_module_type : PAM_T_AUTH; /* most sensitive */ + must_fail = 1; /* install as normal but fail when dispatched */ + } else if (!_pam_strCMP("auth", tok)) { module_type = PAM_T_AUTH; } else if (!_pam_strCMP("session", tok)) { module_type = PAM_T_SESS; @@ -146,7 +153,14 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f actions[i++] = _PAM_ACTION_UNDEF); } tok = _pam_StrTok(NULL, " \n\t", &nexttok); - if (!_pam_strCMP("required", tok)) { + if (tok == NULL) { + /* no module name given */ + D(("_pam_init_handlers: no control flag supplied")); + _pam_system_log(LOG_ERR, + "(%s) no control flag supplied", this_service); + _pam_set_default_control(actions, _PAM_ACTION_BAD); + must_fail = 1; + } else if (!_pam_strCMP("required", tok)) { D(("*PAM_F_REQUIRED*")); actions[PAM_SUCCESS] = _PAM_ACTION_OK; actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_OK; |