Errata 2019 02 22
Dag-Erling Smørgrav edited this page 2023-06-26 18:19:16 +00:00

Errata: Off-by-one error in pam_getenv()

Date:: 2019-02-22

Affects:: Resedacea, Radula

Description:: An error was introduced in OpenPAM Radula which causes the {{{pam_getenv()}}} function to return a pointer to the {{{'='}}} character which precedes the value of the requested variable, instead of a pointer to the value itself.

Workaround:: None.

Fix:: Apply the following patch:

--- lib/libpam/pam_getenv.c.orig
+++ lib/libpam/pam_getenv.c
@@ -58,19 +58,20 @@ const char *
 pam_getenv(pam_handle_t *pamh,
        const char *name)
 {
-       char *str;
+       size_t len;
        int i;
 
        ENTERS(name);
-       if (strchr(name, '=') != NULL) {
-               errno = EINVAL;
-               RETURNS(NULL);
+       for (len = 0; name[len] != '\0'; ++len) {
+               if (name[len] == '=') {
+                       errno = EINVAL;
+                       RETURNS(NULL);
+               }
        }
-       if ((i = openpam_findenv(pamh, name, strlen(name))) < 0)
+       if ((i = openpam_findenv(pamh, name, len)) < 0)
                RETURNS(NULL);
-       if ((str = strchr(pamh->env[i], '=')) == NULL)
-               RETURNS("");
-       RETURNS(str);
+       /* assert(pamh->env[i][len] == '='); */
+       RETURNS(pamh->env[i] + len + 1);
 }
 
 /**
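
Review bot: The new return statement, RETURNS(pamh->env[i] + len + 1), depends on pamh->env[i][len] being '=', but that invariant appears only in a commented-out assert, and the removed fallback for an entry without '=' (RETURNS("")) has no replacement. If openpam_findenv() guarantees that a matched entry always has '=' at offset len, state that in the comment instead of leaving a disabled assert. Otherwise test pamh->env[i][len] before adding len + 1, so that an entry consisting of the bare name cannot yield a pointer past its terminating NUL.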