authorFlorian Best <best@univention.de>2019-06-26 13:49:23 +0200
committerTomáš Mráz <t8m@users.noreply.github.com>2019-06-27 18:23:16 +0200
commit65816326c285c5d5eec51766e1de329f177c28f7 (patch)
treebc5b59f3d03aad32a8d6573ef2e3139f9f53cb7b /modules/pam_unix
parentb49488bc884454323553bb95b01a7765312fb515 (diff)
Trim password at PAM_MAX_RESP_SIZE chars
Issue #118: Protect against Denial of Service attacks. To prevent expensive hash computation via crypt() on very long passwords, the password is now truncated to 512 characters. This matches the behavior of unix_chkpwd.
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/support.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 75851508..e5415f59 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -646,6 +646,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
struct passwd *pwd = NULL;
char *salt = NULL;
char *data_name;
+ char pw[MAX_PASS + 1];
int retval;
@@ -672,6 +673,11 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
strcpy(data_name + sizeof(FAIL_PREFIX) - 1, name);
}
+ if (p != NULL && strlen(p) > MAX_PASS) {
+ memset(pw, 0, sizeof(pw));
+ p = strncpy(pw, p, sizeof(pw) - 1);
+ }
+
if (retval != PAM_SUCCESS) {
if (retval == PAM_UNIX_RUN_HELPER) {
D(("running helper binary"));
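Review bot: The truncation at `if (p != NULL && strlen(p) > MAX_PASS)` silently changes what an over-length password is verified against and carries no explanation in the code, so a comment on that line is warranted: `/* Cap the password at MAX_PASS chars before it reaches crypt(): very long inputs make hashing expensive (issue #118); same limit unix_chkpwd applies */`. Because `p` is redirected to the stack buffer `pw` for the rest of the function, a hash that was stored from an untruncated password via the in-process path will presumably no longer verify after this change, which the commit message could state. The only wipe of `pw` is the plain `memset` added in the cleanup hunk on a local that is never read again, which a compiler may remove as a dead store; an overwrite that the optimizer cannot elide, such as `explicit_bzero` where available, would be the robust choice there. `_unix_verify_password` continues outside this hunk.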
@@ -781,6 +787,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
}
cleanup:
+ memset(pw, 0, sizeof(pw)); /* clear memory of the password */
if (data_name)
_pam_delete(data_name);
if (salt)