From a8490a0122f3be5e5613a8cd3a57e873c31cc682 Mon Sep 17 00:00:00 2001 From: "Andrew G. Morgan" Date: Mon, 23 Sep 2002 17:33:22 +0000 Subject: [PATCH] Relevant BUGIDs: 521314 Purpose of commit: bugfix Commit summary: --------------- This code is needed to complete this bugfix. --- modules/pam_unix/support.c | 75 +++++++++++++++++----------------- modules/pam_unix/unix_chkpwd.c | 9 +++- 2 files changed, 45 insertions(+), 39 deletions(-) diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 98536d21..68f59a92 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -609,47 +609,48 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name retval = PAM_AUTHINFO_UNAVAIL; } } else { - if (!strlen(salt)) { - /* the stored password is NULL */ - if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ - D(("user has empty password - access granted")); - retval = PAM_SUCCESS; - } else { - D(("user has empty password - access denied")); - retval = PAM_AUTH_ERR; - } - } else if (!p) { - retval = PAM_AUTH_ERR; + int salt_len = strlen(salt); + if (!salt_len) { + /* the stored password is NULL */ + if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */ + D(("user has empty password - access granted")); + retval = PAM_SUCCESS; } else { - if (!strncmp(salt, "$1$", 3)) { - pp = Goodcrypt_md5(p, salt); - if (strcmp(pp, salt) != 0) { - _pam_delete(pp); - pp = Brokencrypt_md5(p, salt); - } - } else { - pp = bigcrypt(p, salt); - } - p = NULL; /* no longer needed here */ + D(("user has empty password - access denied")); + retval = PAM_AUTH_ERR; + } + } else if (!p || (*salt == '*') || (salt_len < 13)) { + retval = PAM_AUTH_ERR; + } else { + if (!strncmp(salt, "$1$", 3)) { + pp = Goodcrypt_md5(p, salt); + if (strcmp(pp, salt) != 0) { + _pam_delete(pp); + pp = Brokencrypt_md5(p, salt); + } + } else { + pp = bigcrypt(p, salt); + } + p = NULL; /* no longer needed here */ - /* the moment of truth -- do we agree with the password? */ - D(("comparing state of pp[%s] and salt[%s]", pp, salt)); + /* the moment of truth -- do we agree with the password? */ + D(("comparing state of pp[%s] and salt[%s]", pp, salt)); - /* - * Note, we are comparing the bigcrypt of the password with - * the contents of the password field. If the latter was - * encrypted with regular crypt (and not bigcrypt) it will - * have been truncated for storage relative to the output - * of bigcrypt here. As such we need to compare only the - * stored string with the subset of bigcrypt's result. - * Bug 521314: The strncmp comparison is for legacy support. - */ - if (strncmp(pp, salt, strlen(salt)) == 0) { - retval = PAM_SUCCESS; - } else { - retval = PAM_AUTH_ERR; - } + /* + * Note, we are comparing the bigcrypt of the password with + * the contents of the password field. If the latter was + * encrypted with regular crypt (and not bigcrypt) it will + * have been truncated for storage relative to the output + * of bigcrypt here. As such we need to compare only the + * stored string with the subset of bigcrypt's result. + * Bug 521314: The strncmp comparison is for legacy support. + */ + if (strncmp(pp, salt, salt_len) == 0) { + retval = PAM_SUCCESS; + } else { + retval = PAM_AUTH_ERR; } + } } if (retval == PAM_SUCCESS) { diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index 9ba11041..dd07960c 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -94,6 +94,7 @@ static int _unix_verify_password(const char *name, const char *p, int opt) char *salt = NULL; char *pp = NULL; int retval = UNIX_FAILED; + int salt_len; /* UNIX passwords area */ setpwent(); @@ -133,8 +134,10 @@ static int _unix_verify_password(const char *name, const char *p, int opt) return retval; } - if (strlen(salt) == 0) + salt_len = strlen(salt); + if (salt_len == 0) { return (opt == 0) ? UNIX_FAILED : UNIX_PASSED; + } /* the moment of truth -- do we agree with the password? */ retval = UNIX_FAILED; @@ -147,6 +150,8 @@ static int _unix_verify_password(const char *name, const char *p, int opt) if (strcmp(pp, salt) == 0) retval = UNIX_PASSED; } + } else if ((*salt == '*') || (salt_len < 13)) { + retval = UNIX_FAILED; } else { pp = bigcrypt(p, salt); /* @@ -158,7 +163,7 @@ static int _unix_verify_password(const char *name, const char *p, int opt) * stored string with the subset of bigcrypt's result. * Bug 521314: the strncmp comparison is for legacy support. */ - if (strncmp(pp, salt, strlen(salt)) == 0) { + if (strncmp(pp, salt, salt_len) == 0) { retval = UNIX_PASSED; } } -- 2.40.0