summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog3
-rw-r--r--modules/pam_unix/support.c35
2 files changed, 27 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index b3c499a5..fcc56e4d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,9 @@
* modules/pam_pwhistory/pam_pwhistory.8.xml: Document the
special meaning of remember=0.
+ * modules/pam_unix/support.c (_set_ctrl): Do not crash when remember,
+ minlen, or rounds options are used with wrong module type.
+
2011-06-14 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Check for libtirpc by default.
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 0b8d4d64..cc350e58 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -83,7 +83,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
}
/* now parse the arguments to this module */
- while (argc-- > 0) {
+ for (; argc-- > 0; ++argv) {
int j;
D(("pam_unix arg: %s", *argv));
@@ -99,24 +99,37 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
pam_syslog(pamh, LOG_ERR,
"unrecognized option [%s]", *argv);
} else {
- ctrl &= unix_args[j].mask; /* for turning things off */
- ctrl |= unix_args[j].flag; /* for turning things on */
-
/* special cases */
- if (remember != NULL && j == UNIX_REMEMBER_PASSWD) {
+ if (j == UNIX_REMEMBER_PASSWD) {
+ if (remember == NULL) {
+ pam_syslog(pamh, LOG_ERR,
+ "option remember not allowed for this module type");
+ continue;
+ }
*remember = strtol(*argv + 9, NULL, 10);
if ((*remember == INT_MIN) || (*remember == INT_MAX))
*remember = -1;
if (*remember > 400)
*remember = 400;
- } else if (pass_min_len && j == UNIX_MIN_PASS_LEN) {
+ } else if (j == UNIX_MIN_PASS_LEN) {
+ if (pass_min_len == NULL) {
+ pam_syslog(pamh, LOG_ERR,
+ "option minlen not allowed for this module type");
+ continue;
+ }
*pass_min_len = atoi(*argv + 7);
- }
- if (rounds != NULL && j == UNIX_ALGO_ROUNDS)
+ } else if (j == UNIX_ALGO_ROUNDS) {
+ if (rounds == NULL) {
+ pam_syslog(pamh, LOG_ERR,
+ "option rounds not allowed for this module type");
+ continue;
+ }
*rounds = strtol(*argv + 7, NULL, 10);
- }
+ }
- ++argv; /* step to next argument */
+ ctrl &= unix_args[j].mask; /* for turning things off */
+ ctrl |= unix_args[j].flag; /* for turning things on */
+ }
}
if (UNIX_DES_CRYPT(ctrl)
@@ -132,7 +145,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
}
/* Set default rounds for blowfish */
- if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl)) {
+ if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) {
*rounds = 5;
set(UNIX_ALGO_ROUNDS, ctrl);
}