diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_unix/pam_unix_acct.c | 13 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 10 | ||||
| -rw-r--r-- | modules/pam_unix/support.c | 8 | ||||
| -rw-r--r-- | modules/pam_unix/support.h | 2 |
4 files changed, 16 insertions, 17 deletions
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index c09bc175..3a40d8d3 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -91,21 +91,21 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, /* fork */ child = fork(); if (child == 0) { - size_t i=0; + int i=0; struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL }; - close(0); close(1); - /* reopen stdin as pipe */ - close(fds[0]); + /* reopen stdout as pipe */ dup2(fds[1], STDOUT_FILENO); /* XXX - should really tidy up PAM here too */ if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { - for (i=2; i < rlim.rlim_max; i++) { - if ((unsigned int)fds[1] != i) { + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; + for (i=0; i < (int)rlim.rlim_max; i++) { + if (i != STDOUT_FILENO) { close(i); } } @@ -126,7 +126,6 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); /* should not get here: exit with error */ - close (fds[1]); D(("helper binary is not available")); printf("-1\n"); exit(PAM_AUTHINFO_UNAVAIL); diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 0a429756..abb04c53 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -163,7 +163,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const /* fork */ child = fork(); if (child == 0) { - size_t i=0; + int i=0; struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; @@ -171,14 +171,14 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const /* XXX - should really tidy up PAM here too */ - close(0); close(1); /* reopen stdin as pipe */ - close(fds[1]); dup2(fds[0], STDIN_FILENO); if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { - for (i=2; i < rlim.rlim_max; i++) { - if ((unsigned int)fds[0] != i) + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; + for (i=0; i < (int)rlim.rlim_max; i++) { + if (i != STDIN_FILENO) close(i); } } diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 781d0006..db630f51 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -427,14 +427,14 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, /* XXX - should really tidy up PAM here too */ - close(0); close(1); /* reopen stdin as pipe */ - close(fds[1]); dup2(fds[0], STDIN_FILENO); if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { - for (i=2; i < (int)rlim.rlim_max; i++) { - if (fds[0] != i) + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; + for (i=0; i < (int)rlim.rlim_max; i++) { + if (i != STDIN_FILENO) close(i); } } diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 9d4f8b85..a33dadaa 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -91,7 +91,6 @@ typedef struct { /* -------------- */ #define UNIX_CTRLS_ 26 /* number of ctrl arguments defined */ - static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = { /* symbol token name ctrl mask ctrl * @@ -127,6 +126,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) +#define MAX_FD_NO 2000000 /* use this to free strings. ESPECIALLY password strings */ |