0.73: please submit patches for this section with actual code/doc
patches!
+* avoid potential SIGPIPE when writing to helper binaries with (Bug
+ 123399 - agmorgan)
* replaced bogus logic in the pam_cracklib module for determining if
the replacement is too similar to the old password (Bug 115055 -
agmorgan)
exit(PWDB_SUCCESS+1);
} else if (child > 0) {
/* wait for child */
- close(fds[0]);
if (passwd != NULL) { /* send the password to the child */
write(fds[1], passwd, strlen(passwd)+1);
passwd = NULL;
} else {
write(fds[1], "", 1); /* blank password */
}
+ close(fds[0]); /* we close this after the write because we want
+ to avoid a possible SIGPIPE. */
close(fds[1]);
(void) waitpid(child, &retval, 0); /* wait for helper to complete */
retval = (retval == PWDB_SUCCESS) ? PAM_SUCCESS:PAM_AUTH_ERR;
exit(PAM_AUTHINFO_UNAVAIL);
} else if (child > 0) {
/* wait for child */
- close(fds[0]);
/* if the stored password is NULL */
if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */
write(fds[1], "nullok\0\0", 8);
} else {
write(fds[1], "", 1); /* blank password */
}
+ close(fds[0]); /* close here to avoid possible SIGPIPE above */
close(fds[1]);
(void) waitpid(child, &retval, 0); /* wait for helper to complete */
retval = (retval == 0) ? PAM_SUCCESS:PAM_AUTH_ERR;
projects / linux-pam / commitdiff