svn commit: r268888 - head/lib/libpam/modules/pam_group

Dag-Erling Smørgrav des at FreeBSD.org
Sat Jul 19 20:55:13 UTC 2014


Author: des
Date: Sat Jul 19 20:55:13 2014
New Revision: 268888
URL: http://svnweb.freebsd.org/changeset/base/268888

Log:
  Check if the specified group is the user's primary group before
  iterating over the (possibly empty) list of members.  Otherwise, we
  get a false negative when the target group has no members listed in
  /etc/group.  This went mostly unnoticed because root is explicitly
  listed as a member of wheel, so the bug is never triggered in the most
  common use case, which is su(8).
  
  PR:		109416
  MFC after:	1 week

Modified:
  head/lib/libpam/modules/pam_group/pam_group.c

Modified: head/lib/libpam/modules/pam_group/pam_group.c
==============================================================================
--- head/lib/libpam/modules/pam_group/pam_group.c	Sat Jul 19 20:13:01 2014	(r268887)
+++ head/lib/libpam/modules/pam_group/pam_group.c	Sat Jul 19 20:55:13 2014	(r268888)
@@ -96,14 +96,12 @@ pam_sm_authenticate(pam_handle_t *pamh, 
 	if ((grp = getgrnam(group)) == NULL || grp->gr_mem == NULL)
 		goto failed;
 
-	/* check if the group is empty */
-	if (*grp->gr_mem == NULL)
-		goto failed;
-
-	/* check membership */
+	/* check if user's own primary group */
 	if (pwd->pw_gid == grp->gr_gid)
 		goto found;
-	for (list = grp->gr_mem; *list != NULL; ++list)
+
+	/* iterate over members */
+	for (list = grp->gr_mem; list != NULL && *list != NULL; ++list)
 		if (strcmp(*list, pwd->pw_name) == 0)
 			goto found;
 
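Review bot: the unchanged first condition of this hunk still does `goto failed` when `grp->gr_mem == NULL`, before the `pw_gid` comparison runs, so a primary-group match is never reached in that case and the `list != NULL` test added to the for loop can never be false. Either drop `|| grp->gr_mem == NULL` from the `getgrnam()` check so the loop guard handles a NULL member list after the primary-group test, or keep the early check and remove the extra loop condition; as written the two disagree about whether a NULL `gr_mem` is a failure. A regression test for a user whose primary group has no members listed in /etc/group would also pin down the behaviour the log message describes.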

