aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_exec
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_exec')
-rw-r--r--modules/pam_exec/pam_exec.8.xml3
-rw-r--r--modules/pam_exec/pam_exec.c4
2 files changed, 4 insertions, 3 deletions
diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml
index 23793668..d1b00a21 100644
--- a/modules/pam_exec/pam_exec.8.xml
+++ b/modules/pam_exec/pam_exec.8.xml
@@ -106,7 +106,8 @@
During authentication the calling command can read
the password from <citerefentry>
<refentrytitle>stdin</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
+ </citerefentry>. Only first <emphasis>PAM_MAX_RESP_SIZE</emphasis>
+ bytes of a password are provided to the command.
</para>
</listitem>
</varlistentry>
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index 5ab96303..17ba6ca2 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -178,11 +178,11 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
}
pam_set_item (pamh, PAM_AUTHTOK, resp);
- authtok = strdupa (resp);
+ authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
_pam_drop (resp);
}
else
- authtok = void_pass;
+ authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
if (pipe(fds) != 0)
{