Relevant BUGIDs: 484252

Purpose of commit: bugfix

Commit summary:
---------------
pam_userdb was not paying close enough attention to password comparisons.
Bug report and fix from Vladimir Pastukhov.

diff --git a/CHANGELOG b/CHANGELOG
index 5a3d3e10b6c0ae223a0bc0b5d8f5d3689b3a3e7a..37fb76b9142027b212d5084ba4704f6874d18a1d 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -49,8 +49,10 @@ bug report - outstanding bugs are listed here:
 0.76: please submit patches for this section with actual code/doc
       patches!
 
+* pam_userdb: require that all of typed password matches that in
+  database report and fix from Vladimir Pastukhov. (Bug 484252 - agmorgan)
 * pam_malloc: revived malloc debugging code, now tied to
-  --enable-memory-debug and added strdup() (Bug 485454 - agmorgan)
+  --enable-memory-debug and added strdup() support (Bug 485454 - agmorgan)
 * pam_tally: Nalin's fix for lastlog corruption (Bug 476985 - agmorgan)
 * pam_rhosts: Nalin adds support for '+hostname', and zdd fix
   compilation warning. (Bug 476986 - agmorgan)

diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index 8eb486cba1143786cd6739b01f5b6f4c559b8a0e..519ee8988468fefa80dfe48d73e07c34af3d4a16 100644 (file)
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -138,11 +138,14 @@ static int user_lookup(const char *user, const char *pass)
 
     if (data.dptr != NULL) {
        int compare = 0;
-       /* bingo, got it */
-       if (ctrl & PAM_ICASE_ARG)
-           compare = strncasecmp(pass, data.dptr, data.dsize);
-       else
-           compare = strncmp(pass, data.dptr, data.dsize);
+       
+       if (strlen(pass) != data.dsize) {
+           compare = 1;
+       } else if (ctrl & PAM_ICASE_ARG) {
+           compare = strncasecmp(data.dptr, pass, data.dsize);
+       } else {
+           compare = strncmp(data.dptr, pass, data.dsize);
+       }
        dbm_close(dbm);
        if (compare == 0)
            return 0; /* match */