CVS commit: src/dist/openpam/lib
Module Name:src Committed By: drochner Date: Wed Nov 9 20:26:41 UTC 2011 Modified Files: src/dist/openpam/lib: openpam_configure.c Log Message: Don't allow '/' characters in the service argument to pam_start() The service is blindly appended to config directories (/etc/pam.d/), and if a user can control the service it can get PAM to read config files from any location. This is not a problem with most software because the service is usually a constant string. The check protects 3rd party software from being abused. (CVE-2011-4122) To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/dist/openpam/lib/openpam_configure.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/dist/openpam/lib/openpam_configure.c diff -u src/dist/openpam/lib/openpam_configure.c:1.5 src/dist/openpam/lib/openpam_configure.c:1.6 --- src/dist/openpam/lib/openpam_configure.c:1.5 Sun Jan 27 01:22:59 2008 +++ src/dist/openpam/lib/openpam_configure.c Wed Nov 9 20:26:41 2011 @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_configure.c,v 1.5 2008/01/27 01:22:59 christos Exp $ + * $Id: openpam_configure.c,v 1.6 2011/11/09 20:26:41 drochner Exp $ */ #include ctype.h @@ -289,6 +289,12 @@ openpam_load_chain(pam_handle_t *pamh, size_t len; int r; + /* don't allow to escape from policy_path */ + if (strchr(service, '/')) { + openpam_log(PAM_LOG_ERROR, illegal service \%s\, service); + return (-PAM_SYSTEM_ERR); + } + for (path = openpam_policy_path; *path != NULL; ++path) { len = strlen(*path); if ((*path)[len - 1] == '/') {
CVS commit: src/dist/openpam/lib
Module Name:src Committed By: christos Date: Wed Aug 17 09:55:41 UTC 2011 Modified Files: src/dist/openpam/lib: openpam_dispatch.c Log Message: fix gcc-4.5 cast warning To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/dist/openpam/lib/openpam_dispatch.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/dist/openpam/lib/openpam_dispatch.c diff -u src/dist/openpam/lib/openpam_dispatch.c:1.4 src/dist/openpam/lib/openpam_dispatch.c:1.5 --- src/dist/openpam/lib/openpam_dispatch.c:1.4 Sat Jan 26 20:22:59 2008 +++ src/dist/openpam/lib/openpam_dispatch.c Wed Aug 17 05:55:41 2011 @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam_dispatch.c,v 1.4 2008/01/27 01:22:59 christos Exp $ + * $Id: openpam_dispatch.c,v 1.5 2011/08/17 09:55:41 christos Exp $ */ #include sys/param.h @@ -121,7 +121,7 @@ _pam_sm_func_name[primitive], chain-module-path); #endif r = (chain-module-func[primitive])(pamh, flags, - chain-optc, (const char **)chain-optv); + chain-optc, (void *)chain-optv); pamh-current = NULL; #ifdef DEBUG openpam_log(PAM_LOG_DEBUG, %s: %s(): %s,