svn commit: r228467 - stable/7/contrib/openpam/lib

Dag-Erling Smorgrav des at FreeBSD.org
Tue Dec 13 13:03:11 UTC 2011


Author: des
Date: Tue Dec 13 13:03:11 2011
New Revision: 228467
URL: http://svn.freebsd.org/changeset/base/228467

Log:
  MFH r228384: validate the service name
  
  Security:	some poorly thought out programs allow the user to specify
  		the service name; this patch makes it harder to trick these
  		programs into loading and executing arbitrary code.

Modified:
  stable/7/contrib/openpam/lib/openpam_configure.c
Directory Properties:
  stable/7/contrib/openpam/   (props changed)

Modified: stable/7/contrib/openpam/lib/openpam_configure.c
==============================================================================
--- stable/7/contrib/openpam/lib/openpam_configure.c	Tue Dec 13 13:02:52 2011	(r228466)
+++ stable/7/contrib/openpam/lib/openpam_configure.c	Tue Dec 13 13:03:11 2011	(r228467)
@@ -285,6 +285,13 @@ openpam_load_chain(pam_handle_t *pamh,
 	size_t len;
 	int r;
 
+	/* don't allow to escape from policy_path */
+	if (strchr(service, '/')) {
+		openpam_log(PAM_LOG_ERROR, "invalid service name: %s",
+		    service);
+		return (-PAM_SYSTEM_ERR);
+	}
+
 	for (path = openpam_policy_path; *path != NULL; ++path) {
 		len = strlen(*path);
 		if ((*path)[len - 1] == '/') {

