summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew G. Morgan <morgan@kernel.org>2000-11-25 04:40:55 +0000
committerAndrew G. Morgan <morgan@kernel.org>2000-11-25 04:40:55 +0000
commitc5d2c9e20e5c6f42750c42397898ab0f1291544b (patch)
treee69c0fc438d59b04a0cc6aebdcd70dea5220a4dc
parent4ea47216da66274357b14d5d7488ccbde27d75c4 (diff)
Relevant BUGIDs: 123399
Purpose of commit: bugfix Commit summary: --------------- avoid possibility of SIGPIPE from helper binary non-invocation or early exit.
-rw-r--r--CHANGELOG2
-rw-r--r--modules/pam_pwdb/support.-c3
-rw-r--r--modules/pam_unix/support.c2
3 files changed, 5 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG
index f90cb3e6..f45da409 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -35,6 +35,8 @@ Where you should replace XXXXX with a bug-id.
0.73: please submit patches for this section with actual code/doc
patches!
+* avoid potential SIGPIPE when writing to helper binaries with (Bug
+ 123399 - agmorgan)
* replaced bogus logic in the pam_cracklib module for determining if
the replacement is too similar to the old password (Bug 115055 -
agmorgan)
diff --git a/modules/pam_pwdb/support.-c b/modules/pam_pwdb/support.-c
index 2cbcb576..d43e0554 100644
--- a/modules/pam_pwdb/support.-c
+++ b/modules/pam_pwdb/support.-c
@@ -378,13 +378,14 @@ static int pwdb_run_helper_binary(pam_handle_t *pamh, const char *passwd)
exit(PWDB_SUCCESS+1);
} else if (child > 0) {
/* wait for child */
- close(fds[0]);
if (passwd != NULL) { /* send the password to the child */
write(fds[1], passwd, strlen(passwd)+1);
passwd = NULL;
} else {
write(fds[1], "", 1); /* blank password */
}
+ close(fds[0]); /* we close this after the write because we want
+ to avoid a possible SIGPIPE. */
close(fds[1]);
(void) waitpid(child, &retval, 0); /* wait for helper to complete */
retval = (retval == PWDB_SUCCESS) ? PAM_SUCCESS:PAM_AUTH_ERR;
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 256e4999..a0f2c52d 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -398,7 +398,6 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsig
exit(PAM_AUTHINFO_UNAVAIL);
} else if (child > 0) {
/* wait for child */
- close(fds[0]);
/* if the stored password is NULL */
if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */
write(fds[1], "nullok\0\0", 8);
@@ -411,6 +410,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsig
} else {
write(fds[1], "", 1); /* blank password */
}
+ close(fds[0]); /* close here to avoid possible SIGPIPE above */
close(fds[1]);
(void) waitpid(child, &retval, 0); /* wait for helper to complete */
retval = (retval == 0) ? PAM_SUCCESS:PAM_AUTH_ERR;