Fix matching of usernames in the pam_unix remember feature.

[linux-pam] / modules / pam_unix / passverify.c

diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 089f4b836a96b6e82543bbcde5f5ce529d4ae27a..52899552d6e42d20313913a7436b1f7d4bd6ee98 100644 (file)
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -562,6 +562,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
     int found = 0;
     struct passwd *pwd = NULL;
     struct stat st;
+    size_t len = strlen(forwho);
 #ifdef WITH_SELINUX
     security_context_t prev_context=NULL;
 #endif
@@ -629,7 +630,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
     }
 
     while (fgets(buf, 16380, opwfile)) {
-       if (!strncmp(buf, forwho, strlen(forwho))) {
+       if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) {
            char *sptr = NULL;
            found = 1;
            if (howmany == 0)