From: Thorsten Kukuk Date: Tue, 14 Sep 2004 13:48:38 +0000 (+0000) Subject: Relevant BUGIDs: X-Git-Tag: Linux-PAM-0-78-Beta1~17 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ff883e0d18e0c274da4689b6efa7064408d8c74b;p=linux-pam Relevant BUGIDs: Purpose of commit: Commit summary: --------------- bugfix: Bug 1027903 and 1027912 --- diff --git a/CHANGELOG b/CHANGELOG index 6ae4daa1..e510a164 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -82,6 +82,10 @@ BerliOS Bugs are marked with (BerliOS #XXXX). (patch by "Dmitry V. Levin" ) (Bug 812567 - baggins). * doc/modules/pam_mkhomedir.sgml: Remove wrong debug options (Bug 591605 - kukuk) +* pam_unix: Call password checking helper whenever the password field + contains only one character (Bug 1027903 - kukuk) +* libpam/pam_start.c: All service names should be files below /etc/pam.d + and nothing else. Forbid paths. (Bug 1027912 - kukuk) 0.77: Mon Sep 23 10:25:42 PDT 2002 diff --git a/libpam/pam_start.c b/libpam/pam_start.c index ef1dae1d..f8955854 100644 --- a/libpam/pam_start.c +++ b/libpam/pam_start.c @@ -34,6 +34,11 @@ int pam_start ( return (PAM_BUF_ERR); } + /* All service names should be files below /etc/pam.d and nothing + else. Forbid paths. */ + if (strrchr(service_name, '/') != NULL) + service_name = strrchr(service_name, '/') + 1; + /* Mark the caller as the application - permission to do certain things is limited to a module or an application */ diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 1b55d23b..5486e12f 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -554,7 +554,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } retval = PAM_SUCCESS; - if (pwd == NULL || salt == NULL || !strcmp(salt, "x")) { + if (pwd == NULL || salt == NULL || strlen(salt) == 1) { if (geteuid()) { /* we are not root perhaps this is the reason? Run helper */ D(("running helper binary"));