summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_unix/pam_unix_passwd.c4
-rw-r--r--modules/pam_unix/passverify.c3
2 files changed, 5 insertions, 2 deletions
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 6ba2c2e6..498a81c6 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -280,13 +280,15 @@ static int check_old_password(const char *forwho, const char *newpass)
char *s_luser, *s_uid, *s_npas, *s_pas;
int retval = PAM_SUCCESS;
FILE *opwfile;
+ size_t len = strlen(forwho);
opwfile = fopen(OLD_PASSWORDS_FILE, "r");
if (opwfile == NULL)
return PAM_ABORT;
while (fgets(buf, 16380, opwfile)) {
- if (!strncmp(buf, forwho, strlen(forwho))) {
+ if (!strncmp(buf, forwho, len) && (buf[len] == ':' ||
+ buf[len] == ',')) {
char *sptr;
buf[strlen(buf) - 1] = '\0';
s_luser = strtok_r(buf, ":,", &sptr);
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 089f4b83..52899552 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -562,6 +562,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
int found = 0;
struct passwd *pwd = NULL;
struct stat st;
+ size_t len = strlen(forwho);
#ifdef WITH_SELINUX
security_context_t prev_context=NULL;
#endif
@@ -629,7 +630,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
}
while (fgets(buf, 16380, opwfile)) {
- if (!strncmp(buf, forwho, strlen(forwho))) {
+ if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) {
char *sptr = NULL;
found = 1;
if (howmany == 0)