Changeset 497 in openpam


Timestamp:
Nov 21, 2011, 4:25:49 PM (3 years ago)
Author:
des
Message:

Validate the service name, closing an attack vector for programs like
kcheckpass that let the user specify which policy to apply. See
<URL:http://c-skills.blogspot.com/2011/11/openpam-trickery.html>.

File:
1 edited

  • trunk/lib/openpam_configure.c

    r491 r497  
    557557{
    558558        pam_facility_t fclt;
     559        const char *p;
     560
     561        for (p = service; *p; ++p)
     562                if (!is_pfcs(*p))
     563                        return (PAM_SYSTEM_ERR);
    559564
    560565        if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) != PAM_SUCCESS)
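
Review bot: the loop added at new lines 561-563 never reaches its return when service is an empty string, so an empty name still goes on to openpam_load_chain(), and service is dereferenced without a NULL check; both cases should be rejected before the loop. The bare return (PAM_SYSTEM_ERR) also leaves no record of why the call failed, so consider logging the rejection and adding a short comment that the check exists because the service name selects which policy is loaded, as the commit message explains.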