Description: abort when encountering an overflowed environment variable expansion (CVE-2011-3149).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
Author: Kees Cook
Index: pam-debian/modules/pam_env/pam_env.c
===================================================================
--- pam-debian.orig/modules/pam_env/pam_env.c 2011-10-14 12:47:23.433861595 -0700
+++ pam-debian/modules/pam_env/pam_env.c 2011-10-14 12:47:23.461861963 -0700
@@ -567,6 +567,7 @@
 D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
 pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ return PAM_ABORT;
 }
 continue;
 }
@@ -628,6 +629,7 @@
 D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
 pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ return PAM_ABORT;
 }
 }
 } /* if ('{' != *orig++) */
@@ -639,6 +641,7 @@
 D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
 pam_syslog(pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+ return PAM_ABORT;
 }
 }
 } /* for (;*orig;) */
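Review bot: The `return PAM_ABORT;` added in the overflow branch at `@@ -567` (and identically at `@@ -628` and `@@ -639`) leaves the function from inside the `for (;*orig;)` loop, so whatever the function does after that loop no longer runs on this path. The function starts and ends outside the hunks, so confirm that no cleanup there is skipped, in particular any clearing of `tmp`, which at this point holds partially expanded values; if `tmp` is a local array and is normally wiped on exit, add `memset(tmp, 0, sizeof(tmp));` ahead of each return. A short comment such as `/* a truncated expansion must never be used as the value: fail the module */` would record why this path aborts instead of continuing. The fix also depends on every caller treating PAM_ABORT as fatal, which the patch does not show.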
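Review bot: The overflow handling is now the same three statements (`D((...))`, `pam_syslog(...)`, `return PAM_ABORT;`) repeated at `@@ -567`, `@@ -628` and `@@ -639`, and the third copy already differs in spacing (`pam_syslog(` against `pam_syslog (`). A single exit label reached with `goto overflow;` from each branch would keep the message and the return code from drifting apart in a later edit. The log call also writes the full contents of `tmp` and `tmpptr`, which appear to come from the configuration being expanded. Logging their lengths instead would avoid copying oversized or sensitive values into syslog on a path a user may be able to trigger repeatedly.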