From 65816326c285c5d5eec51766e1de329f177c28f7 Mon Sep 17 00:00:00 2001 From: Florian Best Date: Wed, 26 Jun 2019 13:49:23 +0200 Subject: Trim password at PAM_MAX_RESP_SIZE chars Issue #118: Protect against Denial of Service attacks. To prevent hashsum generation via crypt of very long passwords the password is now stripped to 512 characters. This is equivalent behavior to unix_chkpwd. --- modules/pam_unix/support.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'modules/pam_unix')
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 75851508..e5415f59 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -646,6 +646,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 struct passwd *pwd = NULL;
 char *salt = NULL;
 char *data_name;
+ char pw[MAX_PASS + 1];
 int retval;
@@ -672,6 +673,11 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 strcpy(data_name + sizeof(FAIL_PREFIX) - 1, name);
 }
+ if (p != NULL && strlen(p) > MAX_PASS) {
+ memset(pw, 0, sizeof(pw));
+ p = strncpy(pw, p, sizeof(pw) - 1);
+ }
+
 if (retval != PAM_SUCCESS) {
 if (retval == PAM_UNIX_RUN_HELPER) {
 D(("running helper binary"));
@@ -781,6 +787,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 }
 cleanup:
+ memset(pw, 0, sizeof(pw)); /* clear memory of the password */
 if (data_name)
 _pam_delete(data_name);
 if (salt)
-- cgit v1.2.3
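Review bot: The truncation at `if (p != NULL && strlen(p) > MAX_PASS)` silently changes what is authenticated — any password whose first MAX_PASS bytes match the stored hash is now accepted whatever its tail — and nothing in the hunk records why, so the next reader will take it for a bug; add a comment such as `/* Bound the password length before crypt(): hashing very long input is a CPU DoS (issue #118). MAX_PASS must stay in step with the limit unix_chkpwd applies. */`. Whether MAX_PASS is the 512 named in the commit message cannot be confirmed from this hunk, since its definition is not visible. The `memset` plus `strncpy(pw, p, sizeof(pw) - 1)` pair exists only to supply the terminator strncpy omits; because strlen(p) is already known to exceed MAX_PASS here, `memcpy(pw, p, MAX_PASS); pw[MAX_PASS] = '\0';` expresses the same copy without the strncpy pitfall. _unix_verify_password starts before and continues after this hunk.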
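Review bot: The `memset(pw, 0, sizeof(pw));` added under `cleanup:` is exposed to dead-store elimination: `pw` is an automatic array that is never read again before the function returns, so the compiler may drop the write and leave the truncated password on the stack, which is exactly what the comment says it prevents. Use a zeroization the optimizer must keep — `explicit_bzero(pw, sizeof(pw));` where the build provides it, or the overwrite helper this file already uses alongside `_pam_delete` — and keep the `/* clear memory of the password */` comment. Zeroing unconditionally is fine even though `pw` is only written on the truncation path. The rest of the cleanup and the function's return lie outside this hunk.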