svn commit: r325802 - stable/10/lib/libpam/modules/pam_unix
Dag-Erling Smørgrav
des at FreeBSD.org
Tue Nov 14 10:49:08 UTC 2017
Author: des
Date: Tue Nov 14 10:49:07 2017
New Revision: 325802
URL: https://svnweb.freebsd.org/changeset/base/325802
Log:
MFH (r325010): don't bother verifying a password that we know is too long.
Reported by: jkim@
Security: CVE-2016-6210
Modified:
stable/10/lib/libpam/modules/pam_unix/pam_unix.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/lib/libpam/modules/pam_unix/pam_unix.c
==============================================================================
--- stable/10/lib/libpam/modules/pam_unix/pam_unix.c Tue Nov 14 10:48:30 2017 (r325801)
+++ stable/10/lib/libpam/modules/pam_unix/pam_unix.c Tue Nov 14 10:49:07 2017 (r325802)
@@ -111,6 +111,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __un
if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
openpam_get_option(pamh, PAM_OPT_NULLOK))
return (PAM_SUCCESS);
+ PAM_LOG("Password is empty, using fake password");
realpw = "*";
}
lc = login_getpwclass(pwd);
@@ -125,6 +126,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __un
if (retval != PAM_SUCCESS)
return (retval);
PAM_LOG("Got password");
+ if (strnlen(pass, _PASSWORD_LEN + 1) > _PASSWORD_LEN) {
+ PAM_LOG("Password is too long, using fake password");
+ realpw = "*";
+ }
if (strcmp(crypt(pass, realpw), realpw) == 0)
return (PAM_SUCCESS);
More information about the svn-src-all
mailing list