Relevant BUGIDs: 116076

Purpose of commit: bugfix

Commit summary:
---------------
Added pam_time/pam_group fixes for infinite loop when reading
'\\[^\n]' in their config files and also added support for '/'.
The latter makes both of these modules support modern tty handling.

diff --git a/CHANGELOG b/CHANGELOG
index f45da409ed6da9b7f2c0d0b638cb5fcc7bcaa3df..d574b6ff6a507ebdd339fe6a1de28cd26c0250d8 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -35,6 +35,9 @@ Where you should replace XXXXX with a bug-id.
 0.73: please submit patches for this section with actual code/doc
       patches!
 
+* added support for '/' symbols in pam_time and pam_group config files
+  (support for modern terminal devices). Fixed infinite loop problem
+  with '\\[^\n]' in these files. (Bug 116076 - agmorgan)
 * avoid potential SIGPIPE when writing to helper binaries with (Bug
   123399 - agmorgan)
 * replaced bogus logic in the pam_cracklib module for determining if

diff --git a/modules/pam_group/group.conf b/modules/pam_group/group.conf
index bdd76adbe68fa2b314133c69a35a06adbab66765..e721b9907eea46ebbd6e223218e12236aa6aed09 100644 (file)
--- a/modules/pam_group/group.conf
+++ b/modules/pam_group/group.conf
@@ -10,7 +10,7 @@
 # *** NOT inherently secure. If a user can create an executable that
 # *** is setgid a group that they are infrequently given membership
 # *** of, they can basically obtain group membership any time they
-# *** like. Example: games are alowed between the hours of 6pm and 6am
+# *** like. Example: games are allowed between the hours of 6pm and 6am
 # *** user joe logs in at 7pm writes a small C-program toplay.c that
 # *** invokes their favorite shell, compiles it and does
 # *** "chgrp games toplay; chmod g+s toplay". They are basically able

diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
index 2b820df2011b59ce46c4c5aca6aad9520531c7c4..af3c7ef33accca0b4fde3d4d7ea25354fb3bbb8c 100644 (file)
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -165,6 +165,8 @@ static int read_field(int fd, char **buf, int *from, int *to)
                if ((*buf)[i+1] == '\n') {
                    shift_bytes(i + *buf, 2, *to - (i+2));
                    *to -= 2;
+               } else {
+                   ++i;   /* we don't escape non-newline characters */
                }
                break;
            case '!':
@@ -245,7 +247,7 @@ static int logic_member(const char *string, int *at)
 
          default:
               if (isalpha(c) || c == '*' || isdigit(c) || c == '_'
-                   || c == '-' || c == '.') {
+                   || c == '-' || c == '.' || c == '/') {
                    token = 1;
               } else if (token) {
                    --to;

diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index b3ce0df958ba1378c01c7910b090b44f4562476f..0964f776e1dcb3fe2a7a8cc1a85fb0a6816e870a 100644 (file)
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -166,6 +166,8 @@ static int read_field(int fd, char **buf, int *from, int *to)
                if ((*buf)[i+1] == '\n') {
                    shift_bytes(i + *buf, 2, *to - (i+2));
                    *to -= 2;
+               } else {
+                   ++i;   /* we don't escape non-newline characters */
                }
                break;
            case '!':
@@ -247,7 +249,7 @@ static int logic_member(const char *string, int *at)
 
          default:
               if (isalpha(c) || c == '*' || isdigit(c) || c == '_'
-                   || c == '-' || c == '.') {
+                   || c == '-' || c == '.' || c == '/') {
                    token = 1;
               } else if (token) {
                    --to;