From e35c10e9689df315a626ea6a119763993f95440b Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Fri, 1 May 2020 21:44:59 +0000
Subject: pam_localuser: reject user names that are too long

Too long user names used to be truncated which could potentially result
to false match and, consequently, to incorrect PAM_SUCCESS return value.

* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return
PAM_SERVICE_ERR if the user name is too long.
---
 modules/pam_localuser/pam_localuser.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'modules/pam_localuser')

diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
index 4e05350e..2020eced 100644
--- a/modules/pam_localuser/pam_localuser.c
+++ b/modules/pam_localuser/pam_localuser.c
@@ -106,6 +106,12 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		return PAM_SYSTEM_ERR;
 	}
 
+	if (strlen(user) > sizeof(name) - sizeof(":")) {
+		pam_syslog (pamh, LOG_ERR, "user name too long");
+		fclose(fp);
+		return PAM_SERVICE_ERR;
+	}
+
 	if (strchr(user, ':') != NULL) {
 		/*
 		 * "root:x" is not a local user name even if the passwd file
-- 
cgit v1.2.3