Changeset 497 in openpam


Timestamp:
Nov 21, 2011, 4:25:49 PM (2 years ago)
Author:
des
Message:

Validate the service name, closing an attack vector for programs like
kcheckpass that let the user specify which policy to apply. See
<URL:http://c-skills.blogspot.com/2011/11/openpam-trickery.html>.

File:
1 edited

  • trunk/lib/openpam_configure.c

    r491 r497  
    557557{ 
    558558        pam_facility_t fclt; 
     559        const char *p; 
     560 
     561        for (p = service; *p; ++p) 
     562                if (!is_pfcs(*p)) 
     563                        return (PAM_SYSTEM_ERR); 
    559564 
    560565        if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) != PAM_SUCCESS) 
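Review bot: the loop at new lines 561-563 runs zero times for an empty string, so a service name of "" passes validation and still reaches openpam_load_chain(); consider rejecting it explicitly before the loop, e.g. `if (*service == '\0') return (PAM_SYSTEM_ERR);`. The rejection path also returns PAM_SYSTEM_ERR with no diagnostic, so when a caller passes a user-chosen name nothing records which name was refused; a log line at that return would help whoever has to triage it. is_pfcs() is defined outside this hunk, so a one-line comment stating which characters it accepts would make the check auditable at this site.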