authorTomas Mraz <tm@t8m.info>2008-07-11 15:29:00 +0000
committerTomas Mraz <tm@t8m.info>2008-07-11 15:29:00 +0000
commit0323cbc3d94badc4d5e941a8fb679444dcb72bbb (patch)
tree7d06653cd71ca79f49139777656e601ba32dba67
parent6377bdbbfc0af3c88572f5108f55344af745a010 (diff)
Relevant BUGIDs: #2009766
Purpose of commit: bugfix Commit summary: --------------- 2008-07-11 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do not close the pipe descriptor in borderline case (#2009766) * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_unix/support.h: Define upper limit of fds we will attempt to close.
-rw-r--r--ChangeLog10
-rw-r--r--modules/pam_unix/pam_unix_acct.c13
-rw-r--r--modules/pam_unix/pam_unix_passwd.c10
-rw-r--r--modules/pam_unix/support.c8
-rw-r--r--modules/pam_unix/support.h2
5 files changed, 26 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index 52841d5b..0301b581 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2008-07-11 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do
+ not close the pipe descriptor in borderline case (#2009766)
+ * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
+ Likewise.
+ * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
+ * modules/pam_unix/support.h: Define upper limit of fds we will
+ attempt to close.
+
2008-07-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_exec/pam_exec.c (call_exec): Move all variable
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index c09bc175..3a40d8d3 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -91,21 +91,21 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
/* fork */
child = fork();
if (child == 0) {
- size_t i=0;
+ int i=0;
struct rlimit rlim;
static char *envp[] = { NULL };
char *args[] = { NULL, NULL, NULL, NULL };
- close(0); close(1);
- /* reopen stdin as pipe */
- close(fds[0]);
+ /* reopen stdout as pipe */
dup2(fds[1], STDOUT_FILENO);
/* XXX - should really tidy up PAM here too */
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
- for (i=2; i < rlim.rlim_max; i++) {
- if ((unsigned int)fds[1] != i) {
+ if (rlim.rlim_max >= MAX_FD_NO)
+ rlim.rlim_max = MAX_FD_NO;
+ for (i=0; i < (int)rlim.rlim_max; i++) {
+ if (i != STDOUT_FILENO) {
close(i);
}
}
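Review bot: The return value of `dup2(fds[1], STDOUT_FILENO)` is not checked, and with the earlier `close(0); close(1);` removed a failed dup2 now leaves the application's original descriptor 1 in place. The loop below spares `STDOUT_FILENO`, so in that case the helper would write its result to whatever the calling program had on stdout while the parent reads EOF from the pipe. I would fail closed here, e.g. `if (dup2(fds[1], STDOUT_FILENO) != STDOUT_FILENO) { pam_syslog(pamh, LOG_ERR, "dup2 failed: %m"); _exit(PAM_AUTHINFO_UNAVAIL); }`. The same applies to `dup2(fds[0], STDIN_FILENO)` in the pam_unix_passwd.c and support.c hunks; the function body starts and ends outside this hunk.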
@@ -126,7 +126,6 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m");
/* should not get here: exit with error */
- close (fds[1]);
D(("helper binary is not available"));
printf("-1\n");
exit(PAM_AUTHINFO_UNAVAIL);
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 0a429756..abb04c53 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -163,7 +163,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
/* fork */
child = fork();
if (child == 0) {
- size_t i=0;
+ int i=0;
struct rlimit rlim;
static char *envp[] = { NULL };
char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL };
@@ -171,14 +171,14 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
/* XXX - should really tidy up PAM here too */
- close(0); close(1);
/* reopen stdin as pipe */
- close(fds[1]);
dup2(fds[0], STDIN_FILENO);
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
- for (i=2; i < rlim.rlim_max; i++) {
- if ((unsigned int)fds[0] != i)
+ if (rlim.rlim_max >= MAX_FD_NO)
+ rlim.rlim_max = MAX_FD_NO;
+ for (i=0; i < (int)rlim.rlim_max; i++) {
+ if (i != STDIN_FILENO)
close(i);
}
}
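Review bot: When `getrlimit()` fails, the whole close loop is skipped, so the helper is exec'd with every descriptor the calling application had open (unless it is marked close-on-exec). Since the commit introduces a fixed ceiling anyway, the failure case can fall back to it: `if (getrlimit(RLIMIT_NOFILE,&rlim) != 0 || rlim.rlim_max >= MAX_FD_NO) rlim.rlim_max = MAX_FD_NO;` followed by the loop run unconditionally. The same structure appears in the pam_unix_acct.c and support.c hunks. The enclosing function continues outside the hunk.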
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 781d0006..db630f51 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -427,14 +427,14 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
/* XXX - should really tidy up PAM here too */
- close(0); close(1);
/* reopen stdin as pipe */
- close(fds[1]);
dup2(fds[0], STDIN_FILENO);
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
- for (i=2; i < (int)rlim.rlim_max; i++) {
- if (fds[0] != i)
+ if (rlim.rlim_max >= MAX_FD_NO)
+ rlim.rlim_max = MAX_FD_NO;
+ for (i=0; i < (int)rlim.rlim_max; i++) {
+ if (i != STDIN_FILENO)
close(i);
}
}
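Review bot: The loop now closes descriptors 1 and 2 and leaves them closed, so the helper starts without stdout and stderr. The first files it opens will be assigned those numbers, and any stray diagnostic written to fd 1 or 2 would presumably land in them; how the helper behaves is not visible here. After the loop I would open `/dev/null` write-only twice, check that the results are `STDOUT_FILENO` and `STDERR_FILENO`, and `_exit` on mismatch. The pam_unix_passwd.c hunk has the same pattern, and the pam_unix_acct.c hunk leaves fds 0 and 2 closed in the same way. The function body starts and ends outside this hunk.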
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index 9d4f8b85..a33dadaa 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -91,7 +91,6 @@ typedef struct {
/* -------------- */
#define UNIX_CTRLS_ 26 /* number of ctrl arguments defined */
-
static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
{
/* symbol token name ctrl mask ctrl *
@@ -127,6 +126,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
+#define MAX_FD_NO 2000000
/* use this to free strings. ESPECIALLY password strings */
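Review bot: `MAX_FD_NO` is added without a comment, and its name does not say that it bounds the pre-exec close loops in pam_unix_acct.c, pam_unix_passwd.c and support.c. The consequence worth recording is that descriptors numbered at or above it are not closed and stay open across the helper's execve. I would add `/* exclusive upper bound on fd numbers closed before exec'ing a helper; fds >= this are left open, so callers relying on the loop must not hold sensitive descriptors above it */`. The surrounding definitions continue outside the hunk.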