Changeset 796 in openpam
- Timestamp:
- Jun 3, 2014, 9:30:08 PM (7 years ago)
- Location:
- branches/nooath
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/nooath
-
branches/nooath/HISTORY
r737 r796 1 OpenPAM ?????????? 2014-??-?? 2 3 - BUGFIX: Under certain circumstances, specifying a non-existent 4 module (or misspelling the name of a module) in a policy could 5 result in a fail-open scenario. 6 7 - BUGFIX: The is_upper() predicate only accepted the letter A as an 8 upper-case character instead of the entire A-Z range. As a result, 9 service and module names containing upper-case letters other than A 10 would be rejected. 11 ============================================================================ 1 12 OpenPAM Nummularia 2013-09-07 2 13 -
branches/nooath/lib/libpam/openpam_configure.c
r667 r796 1 1 /*- 2 2 * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 3 * Copyright (c) 2004-201 2Dag-Erling Smørgrav3 * Copyright (c) 2004-2014 Dag-Erling Smørgrav 4 4 * All rights reserved. 5 5 * … … 194 194 "%s(%d): missing or invalid facility", 195 195 filename, lineno); 196 errno = EINVAL; 196 197 goto fail; 197 198 } … … 209 210 "%s(%d): missing or invalid service name", 210 211 filename, lineno); 212 errno = EINVAL; 211 213 goto fail; 212 214 } … … 215 217 "%s(%d): garbage at end of line", 216 218 filename, lineno); 219 errno = EINVAL; 217 220 goto fail; 218 221 } 219 222 ret = openpam_load_chain(pamh, servicename, fclt); 220 223 FREEV(wordc, wordv); 221 if (ret < 0) 224 if (ret < 0) { 225 /* 226 * Bogus errno, but this ensures that the 227 * outer loop does not just ignore the 228 * error and keep searching. 229 */ 230 if (errno == ENOENT) 231 errno = EINVAL; 222 232 goto fail; 233 } 223 234 continue; 224 235 } … … 230 241 "%s(%d): missing or invalid control flag", 231 242 filename, lineno); 243 errno = EINVAL; 232 244 goto fail; 233 245 } … … 239 251 "%s(%d): missing or invalid module name", 240 252 filename, lineno); 253 errno = EINVAL; 241 254 goto fail; 242 255 } … … 248 261 249 262 /* load module */ 250 if ((this->module = openpam_load_module(modulename)) == NULL) 263 if ((this->module = openpam_load_module(modulename)) == NULL) { 264 if (errno == ENOENT) 265 errno = ENOEXEC; 251 266 goto fail; 267 } 252 268 253 269 /* … … 282 298 * can happen for four different reasons: an I/O error (ferror(f) 283 299 * is true), a memory allocation failure (ferror(f) is false, 284 * errno is non-zero) 300 * feof(f) is false, errno is non-zero), the file ended with an 301 * unterminated quote or backslash escape (ferror(f) is false, 302 * feof(f) is true, errno is non-zero), or the end of the file was 303 * reached without error (ferror(f) is false, feof(f) is true, 304 * errno is zero). 285 305 */ 286 306 if (ferror(f) || errno != 0) … … 403 423 ret = openpam_load_file(pamh, service, facility, 404 424 filename, style); 425 /* success */ 426 if (ret > 0) 427 RETURNN(ret); 405 428 /* the file exists, but an error occurred */ 406 429 if (ret == -1 && errno != ENOENT) … … 412 435 413 436 /* no hit */ 414 RETURNN(0); 437 errno = ENOENT; 438 RETURNN(-1); 415 439 } 416 440 … … 433 457 RETURNC(PAM_SYSTEM_ERR); 434 458 } 435 if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) 436 goto load_err; 459 if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) { 460 if (errno != ENOENT) 461 goto load_err; 462 } 437 463 for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { 438 464 if (pamh->chains[fclt] != NULL)
Note: See TracChangeset
for help on using the changeset viewer.