Release version 1.2.1

Security fix: CVE-2015-3238

If the process executing pam_sm_authenticate or pam_sm_chauthtok method
of pam_unix is not privileged enough to check the password, e.g.
if selinux is enabled, the _unix_run_helper_binary function is called.
When a long enough password is supplied (16 pages or more, i.e. 65536+
bytes on a system with 4K pages), this helper function hangs
indefinitely, blocked in the write(2) call while writing to a blocking
pipe that has a limited capacity.
With this fix, the verifiable password length will be limited to
PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix.

* NEWS: Update
* configure.ac: Bump version
* modules/pam_exec/pam_exec.8.xml: document limitation of password length
* modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE
* modules/pam_unix/pam_unix.8.xml: document limitation of password length
* modules/pam_unix/pam_unix_passwd.c: limit password length
* modules/pam_unix/passverify.c: Likewise
* modules/pam_unix/passverify.h: Likewise
* modules/pam_unix/support.c: Likewise

1 files changed, 7 insertions, 0 deletions

diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
index 40084023..a8b64bb5 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
@@ -80,6 +80,13 @@
     </para>
 
     <para>
+      The maximum length of a password supported by the pam_unix module
+      via the helper binary is <emphasis>PAM_MAX_RESP_SIZE</emphasis>
+      - currently 512 bytes. The rest of the password provided by the
+      conversation function to the module will be ignored.
+    </para>
+
+    <para>
       The password component of this module performs the task of updating
       the user's password. The default encryption hash is taken from the
       <emphasis remap='B'>ENCRYPT_METHOD</emphasis> variable from