Fix matching of usernames in the pam_unix remember feature.
authorTomas Mraz <tmraz@fedoraproject.org>
Tue, 3 Jan 2012 11:30:43 +0000 (12:30 +0100)
committerTomas Mraz <tmraz@fedoraproject.org>
Tue, 3 Jan 2012 11:30:43 +0000 (12:30 +0100)
* modules/pam_unix/pam_unix_passwd.c (check_old_password): Make
sure we match only the whole username in opasswd entry.
* modules/pam_unix/passverify.c (save_old_password): Likewise make
sure we match only the whole username in opasswd entry.

modules/pam_unix/pam_unix_passwd.c
modules/pam_unix/passverify.c

index 6ba2c2e6e452d532ccf83feaa9bb84dff34ca91f..498a81c6ab179cedc15709c92118eeb391f7586b 100644 (file)
@@ -280,13 +280,15 @@ static int check_old_password(const char *forwho, const char *newpass)
        char *s_luser, *s_uid, *s_npas, *s_pas;
        int retval = PAM_SUCCESS;
        FILE *opwfile;
+       size_t len = strlen(forwho);
 
        opwfile = fopen(OLD_PASSWORDS_FILE, "r");
        if (opwfile == NULL)
                return PAM_ABORT;
 
        while (fgets(buf, 16380, opwfile)) {
-               if (!strncmp(buf, forwho, strlen(forwho))) {
+               if (!strncmp(buf, forwho, len) && (buf[len] == ':' ||
+                       buf[len] == ',')) {
                        char *sptr;
                        buf[strlen(buf) - 1] = '\0';
                        s_luser = strtok_r(buf, ":,", &sptr);
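Review bot: The delimiter test added to check_old_password accepts only `:` and `,` after the name, while the equivalent test this commit adds to save_old_password in passverify.c uses `strchr(":,\n", buf[len])`, so an opasswd line that holds nothing but the username is matched by one function and skipped by the other. That may be deliberate, since this function goes on to tokenise the remaining fields, but nothing in the code says so; a shared helper or a short comment would keep the two checks from drifting apart. A why-comment above the `if` would also help the next reader, for example `/* match the whole username field, not a prefix: "bob" must not match "bobby:..." */`. The body of check_old_password continues outside the hunk.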
index 089f4b836a96b6e82543bbcde5f5ce529d4ae27a..52899552d6e42d20313913a7436b1f7d4bd6ee98 100644 (file)
@@ -562,6 +562,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
     int found = 0;
     struct passwd *pwd = NULL;
     struct stat st;
+    size_t len = strlen(forwho);
 #ifdef WITH_SELINUX
     security_context_t prev_context=NULL;
 #endif
@@ -629,7 +630,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
     }
 
     while (fgets(buf, 16380, opwfile)) {
-       if (!strncmp(buf, forwho, strlen(forwho))) {
+       if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) {
            char *sptr = NULL;
            found = 1;
            if (howmany == 0)
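Review bot: `strchr(":,\n", buf[len])` also returns non-NULL when `buf[len]` is `'\0'`, because strchr treats the terminator as part of the searched string, so a final line that ends right after the username with no newline counts as a match here. That is probably harmless, since it is still a whole-name match, but it is implicit; either say so in a comment or spell the test out as `(buf[len] == ':' || buf[len] == ',' || buf[len] == '\n')`. Separately, `fgets(buf, 16380, opwfile)` returns an over-long entry in pieces and this test is anchored at the start of the buffer rather than the start of a line, so a continuation piece is compared against the username as well; whether entries can grow that large is not visible from this hunk. save_old_password continues outside the hunk.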