From 378ff917604725de6109b2a039de963de1f3245b Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 1 May 2020 21:44:59 +0000 Subject: pam_localuser: get rid of a temporary buffer * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Do not copy the user name into a temporary buffer, use the user name itself in comparisons. --- modules/pam_localuser/pam_localuser.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'modules/pam_localuser') diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c index a4cf94fb..3ce0aaa0 100644 --- a/modules/pam_localuser/pam_localuser.c +++ b/modules/pam_localuser/pam_localuser.c @@ -64,8 +64,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, FILE *fp; int debug = 0; const char *filename = "/etc/passwd"; - char line[LINE_MAX], name[LINE_MAX]; + char line[LINE_MAX]; const char* user; + size_t user_len; /* process arguments */ for(i = 0; i < argc; i++) { @@ -108,13 +109,13 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return PAM_SERVICE_ERR; } - if (strlen(user) == 0) { + if ((user_len = strlen(user)) == 0) { pam_syslog (pamh, LOG_ERR, "user name not valid"); fclose(fp); return PAM_SERVICE_ERR; } - if (strlen(user) > sizeof(name) - sizeof(":")) { + if (user_len > sizeof(line) - sizeof(":")) { pam_syslog (pamh, LOG_ERR, "user name too long"); fclose(fp); return PAM_SERVICE_ERR; @@ -132,13 +133,16 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* scan the file, using fgets() instead of fgetpwent() because i * don't want to mess with applications which call fgetpwent() */ ret = PAM_PERM_DENIED; - snprintf(name, sizeof(name), "%s:", user); - i = strlen(name); while(fgets(line, sizeof(line), fp) != NULL) { if(debug) { pam_syslog (pamh, LOG_DEBUG, "checking \"%s\"", line); } - if(strncmp(name, line, i) == 0) { + /* + * Does this line start with the user name + * followed by a colon? + */ + if (strncmp(user, line, user_len) == 0 && + line[user_len] == ':') { ret = PAM_SUCCESS; break; } -- cgit v1.2.3