From 0323cbc3d94badc4d5e941a8fb679444dcb72bbb Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 11 Jul 2008 15:29:00 +0000 Subject: Relevant BUGIDs: #2009766 Purpose of commit: bugfix Commit summary: --------------- 2008-07-11 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do not close the pipe descriptor in borderline case (#2009766) * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_unix/support.h: Define upper limit of fds we will attempt to close. --- modules/pam_unix/support.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'modules/pam_unix/support.c') diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 781d0006..db630f51 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -427,14 +427,14 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, /* XXX - should really tidy up PAM here too */ - close(0); close(1); /* reopen stdin as pipe */ - close(fds[1]); dup2(fds[0], STDIN_FILENO); if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { - for (i=2; i < (int)rlim.rlim_max; i++) { - if (fds[0] != i) + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; + for (i=0; i < (int)rlim.rlim_max; i++) { + if (i != STDIN_FILENO) close(i); } } -- cgit v1.2.3