From c8a2829b3b4c50b25c00f2b0a739cf330dad99a2 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann
Date: Sat, 11 Nov 2023 19:50:50 +0100
Subject: pam_exec: fix stack overflow on \0 output

If an executed program prints \0 at the beginning of a line, then pam_exec triggers an out of boundary read (and possible) write on the stack.

Signed-off-by: Tobias Stoeckmann
---
 modules/pam_exec/pam_exec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules/pam_exec')
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index 9d2145dc..41f6c589 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -274,7 +274,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 {
 size_t len;
 len = strlen(buf);
- if (buf[len-1] == '\n')
+ if (len > 0 && buf[len-1] == '\n')
 buf[len-1] = '\0';
 pam_info(pamh, "%s", buf);
 }
-- cgit v1.2.3
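Review bot: Nothing at the `len > 0` check says why `strlen(buf)` can be zero, so the guard is easy to drop as redundant in a later cleanup. A short comment such as `/* helper output is untrusted and may begin with a NUL byte, leaving buf empty */` would pin the reason. Alternatively, `buf[strcspn(buf, "\n")] = '\0';` strips the newline with no `len-1` index arithmetic at all. An empty or NUL-truncated line still reaches `pam_info(pamh, "%s", buf)`, and the text after an embedded NUL is silently dropped; if that is intended, the comment should say so. The loop that fills `buf` starts outside the hunk, so the read call and buffer size could not be checked here.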