1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
Patch for Debian bug #439984
pam_env was not correctly skipping over non-alphanumeric variable names,
and was not handling the PAM_BAD_ITEM error return from pam_putenv()
when clearing an unset variable.
Authors: Steve Langasek <vorlon@debian.org>
Upstream status: submitted in <20070830222058.GA9984@dario.dodds.net>
Index: pam/Linux-PAM/modules/pam_env/pam_env.c
===================================================================
--- pam.orig/Linux-PAM/modules/pam_env/pam_env.c
+++ pam/Linux-PAM/modules/pam_env/pam_env.c
@@ -232,9 +232,14 @@
for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ )
if (!isalnum(key[i]) && key[i] != '_') {
- D(("key is not alpha numeric - '%s', ignoring", key));
- continue;
+ pam_syslog(pamh, LOG_ERR,
+ "non-alphanumeric key '%s' in %s', ignoring",
+ key, file);
+ break;
}
+ /* non-alphanumeric key, ignore this line */
+ if (key[i] != '=' && key[i] != '\0')
+ continue;
/* now we try to be smart about quotes around the value,
but not too smart, we can't get all fancy with escaped
@@ -248,6 +253,14 @@
key[i] = '\0';
}
+ /* if this is a request to delete a variable, check that it's
+ actually set first, so we don't get a vague error back from
+ pam_putenv() */
+ for (i = 0; key[i] != '=' && key[i] != '\0'; i++);
+
+ if (key[i] == '\0' && !pam_getenv(pamh,key))
+ continue;
+
/* set the env var, if it fails, we break out of the loop */
retval = pam_putenv(pamh, key);
if (retval != PAM_SUCCESS) {
|
