CVS commit: src/dist/openpam/lib

2011-11-09 Thread Matthias Drochner
Module Name:    src
Committed By:   drochner
Date:   Wed Nov  9 20:26:41 UTC 2011

Modified Files:
src/dist/openpam/lib: openpam_configure.c

Log Message:
Don't allow '/' characters in the service argument to pam_start()
The service is blindly appended to config directories (/etc/pam.d/),
and if a user can control the service it can get PAM to read config
files from any location.
This is not a problem with most software because the service is
usually a constant string. The check protects 3rd party software
from being abused.
(CVE-2011-4122)


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/dist/openpam/lib/openpam_configure.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/openpam/lib/openpam_configure.c
diff -u src/dist/openpam/lib/openpam_configure.c:1.5 src/dist/openpam/lib/openpam_configure.c:1.6
--- src/dist/openpam/lib/openpam_configure.c:1.5	Sun Jan 27 01:22:59 2008
+++ src/dist/openpam/lib/openpam_configure.c	Wed Nov  9 20:26:41 2011
@@ -32,7 +32,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $Id: openpam_configure.c,v 1.5 2008/01/27 01:22:59 christos Exp $
+ * $Id: openpam_configure.c,v 1.6 2011/11/09 20:26:41 drochner Exp $
  */
 
 #include ctype.h
@@ -289,6 +289,12 @@ openpam_load_chain(pam_handle_t *pamh,
 	size_t len;
 	int r;
 
+	/* don't allow to escape from policy_path */
+	if (strchr(service, '/')) {
+		openpam_log(PAM_LOG_ERROR, illegal service \%s\, service);
+		return (-PAM_SYSTEM_ERR);
+	}
+
 	for (path = openpam_policy_path; *path != NULL; ++path) {
 		len = strlen(*path);
 		if ((*path)[len - 1] == '/') {
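Review bot: In the check added at the top of openpam_load_chain(), the rejected service string is passed to openpam_log() unmodified through %s. This branch runs exactly when the caller supplied an untrusted name, so newlines or other control characters in it would end up in the log; consider logging a length-limited, printable-only form instead. The comment "don't allow to escape from policy_path" would also read better as "don't allow the service name to escape from policy_path", and could state that rejecting '/' is sufficient because the name is appended as a single component to each openpam_policy_path entry.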

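The log message above describes the service name being appended to the policy directories without validation. The following is an added example, not OpenPAM or NetBSD code: it goes one step beyond the committed '/' check by using an allow-list of characters before building the path. The helper names `service_name_ok` and `policy_file_path` and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not OpenPAM code): accept only names that stay a
 * single path component when appended to a policy directory. */
static int service_name_ok(const char *service)
{
	static const char allowed[] =
	    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
	if (service == NULL || *service == '\0')
		return 0;
	if (strcmp(service, ".") == 0 || strcmp(service, "..") == 0)
		return 0;
	/* strspn() gives the length of the allowed prefix; it must cover
	 * the whole string, which also rules out '/'. */
	return service[strspn(service, allowed)] == '\0';
}

/* Hypothetical helper: build "<dir>/<service>" into buf.
 * Returns 0 on success, -1 if the name is rejected or does not fit. */
static int policy_file_path(const char *dir, const char *service,
    char *buf, size_t buflen)
{
	size_t dlen = strlen(dir);
	const char *sep = (dlen > 0 && dir[dlen - 1] == '/') ? "" : "/";
	int n;

	if (!service_name_ok(service))
		return -1;
	n = snprintf(buf, buflen, "%s%s%s", dir, sep, service);
	return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int main(void)
{
	/* Constructed sample inputs. */
	const char *names[] = { "sshd", "../../tmp/evil", "/tmp/evil", "..", "" };
	char path[256];
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		if (policy_file_path("/etc/pam.d/", names[i], path, sizeof(path)) == 0)
			printf("accept  %-18s -> %s\n", names[i], path);
		else
			printf("reject  \"%s\"\n", names[i]);
	}
	return 0;
}
```
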


CVS commit: src/dist/openpam/lib

2011-08-17 Thread Christos Zoulas
Module Name:    src
Committed By:   christos
Date:   Wed Aug 17 09:55:41 UTC 2011

Modified Files:
src/dist/openpam/lib: openpam_dispatch.c

Log Message:
fix gcc-4.5 cast warning


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/dist/openpam/lib/openpam_dispatch.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/openpam/lib/openpam_dispatch.c
diff -u src/dist/openpam/lib/openpam_dispatch.c:1.4 src/dist/openpam/lib/openpam_dispatch.c:1.5
--- src/dist/openpam/lib/openpam_dispatch.c:1.4	Sat Jan 26 20:22:59 2008
+++ src/dist/openpam/lib/openpam_dispatch.c	Wed Aug 17 05:55:41 2011
@@ -32,7 +32,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $Id: openpam_dispatch.c,v 1.4 2008/01/27 01:22:59 christos Exp $
+ * $Id: openpam_dispatch.c,v 1.5 2011/08/17 09:55:41 christos Exp $
  */
 
 #include sys/param.h
@@ -121,7 +121,7 @@
 			_pam_sm_func_name[primitive], chain-module-path);
 #endif
 			r = (chain-module-func[primitive])(pamh, flags,
-			chain-optc, (const char **)chain-optv);
+			chain-optc, (void *)chain-optv);
 			pamh-current = NULL;
 #ifdef DEBUG
 			openpam_log(PAM_LOG_DEBUG, %s: %s(): %s,
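Review bot: The (void *) cast on the optv argument in the module call silences the gcc-4.5 warning by discarding the pointer type entirely, so any pointer placed in that position would now compile without a diagnostic. The previous (const char **) cast at least documented the type the module function expects. Consider adding a one-line comment explaining why the cast is needed, or aligning the declared type of optv with the module function's parameter so that no cast is required.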