Changeset 807 in openpam


Ignore:
Timestamp:
Sep 9, 2014, 9:41:32 AM (6 years ago)
Author:
Dag-Erling Smørgrav
Message:

merge r802: require at least one service function to have succeeded.
merge r803: introduce strlset() and use it to clear authentication tokens
merge r804: remove keywords from text files
merge r805: include CVE numbers in change log
merge r806: prepare to release Ourouparia

Location:
branches/nooath
Files:
14 edited
2 copied

Legend:

Unmodified
Added
Removed
  • branches/nooath

  • branches/nooath/CREDITS

    • Property svn:keywords deleted
    r763 r807  
    4949        Wojciech A. Koszek <wkoszek@freebsd.org>
    5050        Yar Tikhiy <yar@freebsd.org>
    51 
    52 $Id$
  • branches/nooath/HISTORY

    • Property svn:keywords deleted
    r801 r807  
    1 OpenPAM ??????????                                              2014-??-??
     1OpenPAM Ourouparia                                              2014-09-11
     2
     3 - ENHANCE: When executing a chain, require at least one service
     4   function to succeed.  This mitigates fail-open scenarios caused by
     5   misconfigurations or missing modules.
     6
     7 - ENHANCE: Make sure to overwrite buffers which may have contained an
     8   authentication token when they're no longer needed.
    29
    310 - BUGFIX: Under certain circumstances, specifying a non-existent
    411   module (or misspelling the name of a module) in a policy could
    5    result in a fail-open scenario.
     12   result in a fail-open scenario.  (CVE-2014-3879)
    613
    714 - FEATURE: Add a search path for modules.  This was implemented in
     
    112119
    113120 - ENHANCE: added / improved input validation in many cases, including
    114    the policy file and some function arguments.
     121   the policy file and some function arguments.  (CVE-2011-4122)
    115122============================================================================
    116123OpenPAM Hydrangea                                               2007-12-21
     
    442449
    443450First (beta) release.
    444 ============================================================================
    445 $Id$
  • branches/nooath/INSTALL

    • Property svn:keywords deleted
    r648 r807  
    5555
    5656  # make install
    57 
    58 $Id$
  • branches/nooath/LICENSE

    • Property svn:keywords deleted
    r648 r807  
    3232OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    3333SUCH DAMAGE.
    34 
    35 $Id$
  • branches/nooath/README

    • Property svn:keywords deleted
    r648 r807  
    2424
    2525Please direct bug reports and inquiries to <des@des.no>.
    26 
    27 $Id$
  • branches/nooath/RELNOTES

    • Property svn:keywords deleted
    r714 r807  
    11
    2                   Release notes for OpenPAM ????????
    3                   ==================================
     2                 Release notes for OpenPAM Ourouparia
     3                 ====================================
    44
    55This release corresponds to the code used in FreeBSD HEAD as of the
     
    2121
    2222Please direct bug reports and inquiries to <des@des.no>.
    23 
    24 $Id$
  • branches/nooath/TODO

    • Property svn:keywords deleted
    r736 r807  
    1414   the no_warn module option.  This would eliminate the need for
    1515   FreeBSD's _pam_verbose_error().
    16 
    17 $Id$
  • branches/nooath/configure.ac

    r714 r807  
    8686AC_CHECK_FUNCS([fpurge])
    8787AC_CHECK_FUNCS([setlogmask])
    88 AC_CHECK_FUNCS([strlcat strlcmp strlcpy])
     88AC_CHECK_FUNCS([strlcat strlcmp strlcpy strlset])
    8989
    9090saved_LIBS="${LIBS}"
  • branches/nooath/include/security/openpam_version.h

    r737 r807  
    4040
    4141#define OPENPAM
    42 #define OPENPAM_VERSION 20130907
    43 #define OPENPAM_RELEASE "Nummularia"
     42#define OPENPAM_VERSION 20140911
     43#define OPENPAM_RELEASE "Ourouparia"
    4444
    4545#endif /* !SECURITY_OPENPAM_VERSION_H_INCLUDED */
  • branches/nooath/lib/libpam/Makefile.am

    r660 r807  
    1919        openpam_strlcmp.h \
    2020        openpam_strlcpy.h \
     21        openpam_strlset.h \
    2122        openpam_vasprintf.h
    2223
     
    4546        openpam_set_feature.c \
    4647        openpam_static.c \
     48        openpam_straddch.c \
    4749        openpam_strlcat.c \
    4850        openpam_strlcpy.c \
    49         openpam_straddch.c \
     51        openpam_strlset.c \
    5052        openpam_subst.c \
    5153        openpam_vasprintf.c \
  • branches/nooath/lib/libpam/openpam_dispatch.c

    r649 r807  
    6464{
    6565        pam_chain_t *chain;
    66         int err, fail, r;
     66        int err, fail, nsuccess, r;
    6767        int debug;
    6868
     
    102102
    103103        /* execute */
    104         for (err = fail = 0; chain != NULL; chain = chain->next) {
     104        err = PAM_SUCCESS;
     105        fail = nsuccess = 0;
     106        for (; chain != NULL; chain = chain->next) {
    105107                if (chain->module->func[primitive] == NULL) {
    106108                        openpam_log(PAM_LOG_ERROR, "%s: no %s()",
     
    127129                if (r == PAM_IGNORE)
    128130                        continue;
    129                 if (r == PAM_SUCCESS) {
     131                if (r == PAM_SUCCESS) {
     132                        ++nsuccess;
    130133                        /*
    131134                         * For pam_setcred() and pam_chauthtok() with the
     
    149152                 * return code from the first required module to fail.
    150153                 */
    151                 if (err == 0)
     154                if (err == PAM_SUCCESS)
    152155                        err = r;
    153156                if ((chain->flag == PAM_REQUIRED ||
     
    171174        if (!fail && err != PAM_NEW_AUTHTOK_REQD)
    172175                err = PAM_SUCCESS;
     176
     177        /*
     178         * Require the chain to be non-empty, and at least one module
     179         * in the chain to be successful, so that we don't fail open.
     180         */
     181        if (err == PAM_SUCCESS && nsuccess < 1) {
     182                openpam_log(PAM_LOG_ERROR,
     183                    "all modules were unsuccessful for %s()",
     184                    pam_sm_func_name[primitive]);
     185                err = PAM_SYSTEM_ERR;
     186        }
     187
    173188        RETURNC(err);
    174189}
  • branches/nooath/lib/libpam/openpam_ttyconv.c

    r743 r807  
    5656
    5757#include "openpam_impl.h"
     58#include "openpam_strlset.h"
    5859
    5960int openpam_ttyconv_timeout = 0;
     
    367368        for (i = 0; i < n; ++i) {
    368369                if (aresp[i].resp != NULL) {
    369                         memset(aresp[i].resp, 0, strlen(aresp[i].resp));
     370                        strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE);
    370371                        FREE(aresp[i].resp);
    371372                }
  • branches/nooath/lib/libpam/pam_get_authtok.c

    r670 r807  
    4949
    5050#include "openpam_impl.h"
     51#include "openpam_strlset.h"
    5152
    5253static const char authtok_prompt[] = "Password:";
     
    141142                r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
    142143                if (r != PAM_SUCCESS) {
     144                        strlset(resp, 0, PAM_MAX_RESP_SIZE);
    143145                        FREE(resp);
    144146                        RETURNC(r);
    145147                }
    146                 if (strcmp(resp, resp2) != 0)
     148                if (strcmp(resp, resp2) != 0) {
     149                        strlset(resp, 0, PAM_MAX_RESP_SIZE);
    147150                        FREE(resp);
     151                }
     152                strlset(resp2, 0, PAM_MAX_RESP_SIZE);
    148153                FREE(resp2);
    149154        }
     
    151156                RETURNC(PAM_TRY_AGAIN);
    152157        r = pam_set_item(pamh, item, resp);
     158        strlset(resp, 0, PAM_MAX_RESP_SIZE);
    153159        FREE(resp);
    154160        if (r != PAM_SUCCESS)
Note: See TracChangeset for help on using the changeset viewer.