pam_localuser: open the passwd file after user name validation

Since user name is untrusted input, it should be validated earlier
rather than later.

* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Open
the passwd file after user name validation.

1 files changed, 7 insertions, 12 deletions

diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
index e6dd72d0..249d09cf 100644
--- a/modules/pam_localuser/pam_localuser.c
+++ b/modules/pam_localuser/pam_localuser.c
@@ -95,29 +95,18 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		}
 	}
 
-	/* open the file */
-	fp = fopen(filename, "r");
-	if(fp == NULL) {
-		pam_syslog (pamh, LOG_ERR, "error opening \"%s\": %m",
-			    filename);
-		return PAM_SERVICE_ERR;
-	}
-
 	if(pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
 		pam_syslog (pamh, LOG_ERR, "user name not specified yet");
-		fclose(fp);
 		return PAM_SERVICE_ERR;
 	}
 
 	if ((user_len = strlen(user)) == 0) {
 		pam_syslog (pamh, LOG_ERR, "user name not valid");
-		fclose(fp);
 		return PAM_SERVICE_ERR;
 	}
 
 	if (user_len > sizeof(line) - sizeof(":")) {
 		pam_syslog (pamh, LOG_ERR, "user name too long");
-		fclose(fp);
 		return PAM_SERVICE_ERR;
 	}
 
@@ -126,10 +115,16 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		 * "root:x" is not a local user name even if the passwd file
 		 * contains a line starting with "root:x:".
 		 */
-		fclose(fp);
 		return PAM_PERM_DENIED;
 	}
 
+	/* Open the passwd file.  */
+	if ((fp = fopen(filename, "r")) == NULL) {
+		pam_syslog (pamh, LOG_ERR, "error opening \"%s\": %m",
+			    filename);
+		return PAM_SERVICE_ERR;
+	}
+
 	/*
 	 * Scan the file using fgets() instead of fgetpwent_r() because
 	 * the latter is not flexible enough in handling long lines