-rw-r--r-- | modules/pam_unix/support.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 75851508..e5415f59 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -646,6 +646,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 struct passwd *pwd = NULL;
 char *salt = NULL;
 char *data_name;
+ char pw[MAX_PASS + 1];
 int retval;
@@ -672,6 +673,11 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 strcpy(data_name + sizeof(FAIL_PREFIX) - 1, name);
 }
+ if (p != NULL && strlen(p) > MAX_PASS) {
+ memset(pw, 0, sizeof(pw));
+ p = strncpy(pw, p, sizeof(pw) - 1);
+ }
+
 if (retval != PAM_SUCCESS) {
 if (retval == PAM_UNIX_RUN_HELPER) {
 D(("running helper binary"));
@@ -781,6 +787,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 }
 cleanup:
+ memset(pw, 0, sizeof(pw)); /* clear memory of the password */
 if (data_name)
 _pam_delete(data_name);
 if (salt) |
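Review bot: The new `if (p != NULL && strlen(p) > MAX_PASS)` block in the second hunk truncates an over-long password silently, so any input that shares the first MAX_PASS bytes verifies identically, and nothing is logged when that happens. The block carries no comment explaining the truncation; I would add one above it, e.g. `/* bound the work done on attacker-supplied input: only the first MAX_PASS bytes of p are verified */`. Whether the password-setting path applies the same limit is not visible here, so it should be confirmed that a stored hash of a longer password still matches after this change. Rejecting the attempt instead of truncating may be the safer policy if that cannot be guaranteed. The function body begins and ends outside this hunk.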
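Review bot: The wipe added under `cleanup:` in the third hunk is a plain `memset` on a local array that is never read again before the function returns, so an optimizing compiler may drop it as a dead store and leave the password copy on the stack. A wipe the compiler cannot elide would be safer here, for example `explicit_bzero(pw, sizeof(pw));` where the platform provides it, or a project helper with that guarantee. The hunk does not show whether every exit path of `_unix_verify_password` goes through `cleanup:`; any early `return` after the copy in the second hunk would skip the wipe. Note also that only the local copy is cleared, and the caller's original buffer behind `p` remains the caller's responsibility.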