From: Steve Langasek <vorlon@debian.org>
Date: Sun, 13 Jul 2003 06:16:13 +0000 (+0000)
Subject: Relevant BUGIDs: patch 476968
X-Git-Tag: Linux-PAM-0-78-Beta1~39
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f0bc1227ecb8b29522bc09f09573ccd851b64cec;p=linux-pam

Relevant BUGIDs: patch 476968

Purpose of commit: bugfix

Commit summary:
---------------
Patch from Nalin Dahyabhai to prevent a buffer overflow in pam_issue
(rare, but could be triggered by a race condition when the admin updates
/etc/issue).
---

diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c
index 1f4853de..67f40c85 100644
--- a/modules/pam_issue/pam_issue.c
+++ b/modules/pam_issue/pam_issue.c
@@ -111,7 +111,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
 		return PAM_IGNORE;
 	    }
 	    memset (prompt_tmp, '\0', st.st_size + 1);
-	    count = fread(prompt_tmp, sizeof(char *), st.st_size, fd);
+	    count = fread(prompt_tmp, 1, st.st_size, fd);
 	    if (count != st.st_size) {
 		free(prompt_tmp);
 		return PAM_IGNORE;