diff options
| author | Thorsten Kukuk <kukuk@thkukuk.de> | 2009-03-27 10:46:11 +0000 |
|---|---|---|
| committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2009-03-27 10:46:11 +0000 |
| commit | 5182ea70c8425d302c31386a325b869fcfef9671 (patch) | |
| tree | 154c0580e75b0ed772c9260f4d009dfdcf7c3f7b /modules/pam_unix/support.c | |
| parent | fd1b9361a937f8b565d0d55179da359122e1fc96 (diff) | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-27 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_run_helper_binary): Don't
ignore return value of write().
* libpamc/include/security/pam_client.h (PAM_BP_ASSERT): Honour
NDEBUG.
* modules/pam_timestamp/pam_timestamp.c: don't ignore return
values of lchown and fchown.
Diffstat (limited to 'modules/pam_unix/support.c')
| -rw-r--r-- | modules/pam_unix/support.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index dda617a0..98283502 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -120,13 +120,13 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, D(("DISALLOW_NULL_AUTHTOK")); set(UNIX__NONULL, ctrl); } - + /* Set default rounds for blowfish */ if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl)) { *rounds = 5; set(UNIX_ALGO_ROUNDS, ctrl); } - + /* Enforce sane "rounds" values */ if (on(UNIX_ALGO_ROUNDS, ctrl)) { if (on(UNIX_BLOWFISH_PASS, ctrl)) { @@ -478,10 +478,18 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, /* if the stored password is NULL */ int rc=0; if (passwd != NULL) { /* send the password to the child */ - write(fds[1], passwd, strlen(passwd)+1); + if (write(fds[1], passwd, strlen(passwd)+1) == -1) { + pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); + close(fds[1]); + retval = PAM_AUTH_ERR; + } passwd = NULL; - } else { - write(fds[1], "", 1); /* blank password */ + } else { /* blank password */ + if (write(fds[1], "", 1) == -1) { + pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); + close(fds[1]); + retval = PAM_AUTH_ERR; + } } close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); @@ -871,7 +879,7 @@ int _unix_read_password(pam_handle_t * pamh } /* ****************************************************************** * - * Copyright (c) Jan Rêkorajski 1999. + * Copyright (c) Jan Rêkorajski 1999. * Copyright (c) Andrew G. Morgan 1996-8. * Copyright (c) Alex O. Yuriev, 1996. * Copyright (c) Cristian Gafton 1996. |