From c6c3b3f9f7f7024fbbaff3edf0f57c8cb945b4c5 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 1 May 2020 21:44:59 +0000 Subject: pam_localuser: open the passwd file after user name validation Since user name is untrusted input, it should be validated earlier rather than later. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Open the passwd file after user name validation. --- modules/pam_localuser/pam_localuser.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) (limited to 'modules/pam_localuser') diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c index e6dd72d0..249d09cf 100644 --- a/modules/pam_localuser/pam_localuser.c +++ b/modules/pam_localuser/pam_localuser.c @@ -95,29 +95,18 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, } } - /* open the file */ - fp = fopen(filename, "r"); - if(fp == NULL) { - pam_syslog (pamh, LOG_ERR, "error opening \"%s\": %m", - filename); - return PAM_SERVICE_ERR; - } - if(pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { pam_syslog (pamh, LOG_ERR, "user name not specified yet"); - fclose(fp); return PAM_SERVICE_ERR; } if ((user_len = strlen(user)) == 0) { pam_syslog (pamh, LOG_ERR, "user name not valid"); - fclose(fp); return PAM_SERVICE_ERR; } if (user_len > sizeof(line) - sizeof(":")) { pam_syslog (pamh, LOG_ERR, "user name too long"); - fclose(fp); return PAM_SERVICE_ERR; } @@ -126,10 +115,16 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, * "root:x" is not a local user name even if the passwd file * contains a line starting with "root:x:". */ - fclose(fp); return PAM_PERM_DENIED; } + /* Open the passwd file. */ + if ((fp = fopen(filename, "r")) == NULL) { + pam_syslog (pamh, LOG_ERR, "error opening \"%s\": %m", + filename); + return PAM_SERVICE_ERR; + } + /* * Scan the file using fgets() instead of fgetpwent_r() because * the latter is not flexible enough in handling long lines -- cgit v1.2.3