authorDmitry V. Levin <ldv@altlinux.org>2020-06-16 15:00:00 +0000
committerDmitry V. Levin <ldv@altlinux.org>2020-06-16 15:00:00 +0000
commitefd2a79c11982d0feebebbf740506c9555120b97 (patch)
tree18f08e784896ed904ed6a40fa5ef4aada8539f54 /libpam
parent0adbaeb273da1d45213134aa271e95987103281c (diff)
pam_modutil_check_user_in_passwd: avoid timing attacks
* libpam/pam_modutil_check_user.c (pam_modutil_check_user_in_passwd): Do not exit the file reading loop when the user is found, continue reading the file to avoid timing attacks.
Diffstat (limited to 'libpam')
-rw-r--r--libpam/pam_modutil_check_user.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/libpam/pam_modutil_check_user.c b/libpam/pam_modutil_check_user.c
index 898b13a9..cf1bd1b5 100644
--- a/libpam/pam_modutil_check_user.c
+++ b/libpam/pam_modutil_check_user.c
@@ -60,7 +60,9 @@ pam_modutil_check_user_in_passwd(pam_handle_t *pamh,
if (strncmp(user_name, line, user_len) == 0 &&
line[user_len] == ':') {
rc = PAM_SUCCESS;
- break;
+ /*
+ * Continue reading the file to avoid timing attacks.
+ */
}
/* Has a newline been read? */
line_len = strlen(line);
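Review bot: The comment added in the match branch does not say what the removed `break` disclosed, so a later cleanup could restore it as an optimization; I would spell it out, e.g. `/* Do not break here: stopping at the match makes the scan time depend on whether and where the user appears in the file. */`. The change also depends on nothing later in the loop writing `rc` back to a failure value once it is `PAM_SUCCESS`; the loop body continues outside this hunk, so that should be confirmed there. The `strncmp` call can still return at the first differing byte, so this removes the position-dependent signal rather than making the lookup constant-time, and the comment could say so.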