Fix matching of usernames in the pam_unix remember feature.

* modules/pam_unix/pam_unix_passwd.c (check_old_password): Make sure we match only the whole username in opasswd entry. * modules/pam_unix/passverify.c (save_old_password): Likewise make sure we match only the whole username in opasswd entry.
author: Tomas Mraz <tmraz@fedoraproject.org> 2012-01-03 12:30:43 +0100
committer: Tomas Mraz <tmraz@fedoraproject.org> 2012-01-03 12:30:43 +0100
commit: 0baf28fa03dfa46482e13390fd9a7545c30ccd7f (patch)
tree: 581dbefda9535ca93378dc748ee156c47f994853 /modules/pam_unix/pam_unix_passwd.c
parent: aea290af6d2de6a493e952b9ef8c771ab9014fef (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 6ba2c2e6..498a81c6 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -280,13 +280,15 @@ static int check_old_password(const char *forwho, const char *newpass)
 	char *s_luser, *s_uid, *s_npas, *s_pas;
 	int retval = PAM_SUCCESS;
 	FILE *opwfile;
+	size_t len = strlen(forwho);
 
 	opwfile = fopen(OLD_PASSWORDS_FILE, "r");
 	if (opwfile == NULL)
 		return PAM_ABORT;
 
 	while (fgets(buf, 16380, opwfile)) {
-		if (!strncmp(buf, forwho, strlen(forwho))) {
+		if (!strncmp(buf, forwho, len) && (buf[len] == ':' ||
+			buf[len] == ',')) {
 			char *sptr;
 			buf[strlen(buf) - 1] = '\0';
 			s_luser = strtok_r(buf, ":,", &sptr);
author	Tomas Mraz <tmraz@fedoraproject.org>	2012-01-03 12:30:43 +0100
committer	Tomas Mraz <tmraz@fedoraproject.org>	2012-01-03 12:30:43 +0100
commit	0baf28fa03dfa46482e13390fd9a7545c30ccd7f (patch)
tree	581dbefda9535ca93378dc748ee156c47f994853 /modules/pam_unix/pam_unix_passwd.c
parent	aea290af6d2de6a493e952b9ef8c771ab9014fef (diff)