From: Andrew G. Morgan Date: Sat, 25 Nov 2000 04:40:55 +0000 (+0000) Subject: Relevant BUGIDs: 123399 X-Git-Tag: Linux-PAM-0-73~8 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c5d2c9e20e5c6f42750c42397898ab0f1291544b;p=linux-pam Relevant BUGIDs: 123399 Purpose of commit: bugfix Commit summary: --------------- avoid possibility of SIGPIPE from helper binary non-invocation or early exit. --- diff --git a/CHANGELOG b/CHANGELOG index f90cb3e6..f45da409 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -35,6 +35,8 @@ Where you should replace XXXXX with a bug-id. 0.73: please submit patches for this section with actual code/doc patches! +* avoid potential SIGPIPE when writing to helper binaries with (Bug + 123399 - agmorgan) * replaced bogus logic in the pam_cracklib module for determining if the replacement is too similar to the old password (Bug 115055 - agmorgan) diff --git a/modules/pam_pwdb/support.-c b/modules/pam_pwdb/support.-c index 2cbcb576..d43e0554 100644 --- a/modules/pam_pwdb/support.-c +++ b/modules/pam_pwdb/support.-c @@ -378,13 +378,14 @@ static int pwdb_run_helper_binary(pam_handle_t *pamh, const char *passwd) exit(PWDB_SUCCESS+1); } else if (child > 0) { /* wait for child */ - close(fds[0]); if (passwd != NULL) { /* send the password to the child */ write(fds[1], passwd, strlen(passwd)+1); passwd = NULL; } else { write(fds[1], "", 1); /* blank password */ } + close(fds[0]); /* we close this after the write because we want + to avoid a possible SIGPIPE. */ close(fds[1]); (void) waitpid(child, &retval, 0); /* wait for helper to complete */ retval = (retval == PWDB_SUCCESS) ? PAM_SUCCESS:PAM_AUTH_ERR; diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 256e4999..a0f2c52d 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -398,7 +398,6 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsig exit(PAM_AUTHINFO_UNAVAIL); } else if (child > 0) { /* wait for child */ - close(fds[0]); /* if the stored password is NULL */ if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ write(fds[1], "nullok\0\0", 8); @@ -411,6 +410,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsig } else { write(fds[1], "", 1); /* blank password */ } + close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); (void) waitpid(child, &retval, 0); /* wait for helper to complete */ retval = (retval == 0) ? PAM_SUCCESS:PAM_AUTH_ERR;