From 32e4039784ba32a54406688b5bb71d3069381648 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sat, 11 Nov 2023 20:42:56 +0100 Subject: pam_securetty: protect against invalid input files If fgets encounters a file with a \0 at the beginning of a line, then strlen()-1 would turn negative. Check if line has at least one character in it. Signed-off-by: Tobias Stoeckmann --- modules/pam_securetty/pam_securetty.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'modules/pam_securetty') diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 837c871b..e51b0062 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -158,8 +158,10 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL) && retval) { - if (ttyfileline[strlen(ttyfileline) - 1] == '\n') - ttyfileline[strlen(ttyfileline) - 1] = '\0'; + size_t len; + len = strlen(ttyfileline); + if (len > 0 && ttyfileline[len - 1] == '\n') + ttyfileline[len - 1] = '\0'; retval = ( strcmp(ttyfileline, uttyname) && (!ptname[0] || strcmp(ptname, uttyname)) ); @@ -211,9 +213,12 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, fclose(consoleactivefile); if (p) { + size_t len; + /* remove the newline character at end */ - if (line[strlen(line)-1] == '\n') - line[strlen(line)-1] = 0; + len = strlen(line); + if (len && line[len-1] == '\n') + line[len-1] = 0; for (n = p; n != NULL; p = n+1) { if ((n = strchr(p, ' ')) != NULL) -- cgit v1.2.3
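Review bot: In the first hunk (the `fgets()` loop over the tty file), the new `len > 0` guard only covers a NUL byte at the very start of a line. A NUL later in the line still makes `strlen()` stop early, so the text before it is passed to `strcmp()` against `uttyname` as if it were a complete entry. For a file that serves as an access list, a malformed line is safer skipped than partially matched. Because `fgets()` does not report how many bytes it read, detecting that case would need a length-returning reader such as POSIX `getline()`. At minimum, a comment above the guard would keep it from being simplified away later: `/* fgets() can return an empty string when a line starts with a NUL byte */`. The enclosing function securetty_perform_check starts and ends outside the hunk.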
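Review bot: The second hunk writes the same guard differently from the first: `len && line[len-1] == '\n'` here, `len > 0 && ttyfileline[len - 1] == '\n'` there. Both sites also declare `len` and assign it in a separate statement. Using one form at both sites, for example `size_t len = strlen(line);` followed by `if (len > 0 && line[len-1] == '\n')`, makes it obvious that they implement the same bounds check. It also makes a later audit for the `strlen() - 1` pattern easier to grep. The `if (p)` block continues past the end of the hunk.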