From d91f60b2125485f515c3d59d6ab2e55daf84e19e Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Mon, 18 Dec 2023 09:47:17 +0100
Subject: pam_access: fix nul byte handling in config

Even though NUL bytes are not supposed to show up in a configuration
file, treat them properly and avoid out of boundary accesses.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 modules/pam_access/pam_access.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'modules/pam_access')

diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 85775114..e3ec441d 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -448,6 +448,8 @@ login_access (pam_handle_t *pamh, struct login_info *item)
     if ((fp = fopen(item->config_file, "r"))!=NULL) {
 	while (!match && fgets(line, sizeof(line), fp)) {
 	    lineno++;
+	    if (line[0] == 0)
+		continue;
 	    if (line[end = strlen(line) - 1] != '\n') {
 		pam_syslog(pamh, LOG_ERR,
                            "%s: line %zu: missing newline or line too long",
-- 
cgit v1.2.3