66 lines
1.7 KiB
Plaintext
66 lines
1.7 KiB
Plaintext
$NetBSD: patch-ab,v 1.4 2011/12/13 15:57:08 spz Exp $
|
|
|
|
- pkgsrcification
|
|
- prevention of CVE-2011-4122 taken from NetBSD src
|
|
|
|
--- lib/openpam_configure.c.orig 2007-12-21 11:36:24.000000000 +0000
|
|
+++ lib/openpam_configure.c
|
|
@@ -70,7 +70,7 @@ static int
|
|
match_word(const char *str, const char *word)
|
|
{
|
|
|
|
- while (*str && tolower(*str) == tolower(*word))
|
|
+ while (*str && tolower((unsigned char)*str) == tolower((unsigned char)*word))
|
|
++str, ++word;
|
|
return (*str == ' ' && *word == '\0');
|
|
}
|
|
@@ -194,7 +194,7 @@ openpam_read_chain(pam_handle_t *pamh,
|
|
}
|
|
|
|
/* allocate new entry */
|
|
- if ((this = calloc(1, sizeof *this)) == NULL)
|
|
+ if ((this = calloc((size_t)1, sizeof *this)) == NULL)
|
|
goto syserr;
|
|
|
|
/* control flag */
|
|
@@ -230,7 +230,7 @@ openpam_read_chain(pam_handle_t *pamh,
|
|
++this->optc;
|
|
q = next_word(q);
|
|
}
|
|
- this->optv = calloc(this->optc + 1, sizeof(char *));
|
|
+ this->optv = calloc((size_t)(this->optc + 1), sizeof(char *));
|
|
if (this->optv == NULL)
|
|
goto syserr;
|
|
for (i = 0; i < this->optc; ++i) {
|
|
@@ -263,11 +263,13 @@ openpam_read_chain(pam_handle_t *pamh,
|
|
return (-1);
|
|
}
|
|
|
|
+#ifndef SYSCONFDIR
|
|
+#define SYSCONFDIR "/usr/local/etc"
|
|
+#endif
|
|
+
|
|
static const char *openpam_policy_path[] = {
|
|
- "/etc/pam.d/",
|
|
- "/etc/pam.conf",
|
|
- "/usr/local/etc/pam.d/",
|
|
- "/usr/local/etc/pam.conf",
|
|
+ SYSCONFDIR "/pam.d/",
|
|
+ SYSCONFDIR "/pam.conf",
|
|
NULL
|
|
};
|
|
|
|
@@ -285,6 +287,12 @@ openpam_load_chain(pam_handle_t *pamh,
|
|
size_t len;
|
|
int r;
|
|
|
|
+ /* Don't allow an escape from policy_path. */
|
|
+ if (strchr(service, '/') != NULL) {
|
|
+ openpam_log(PAM_LOG_ERROR, "illegal service \"%s\"", service);
|
|
+ return (-PAM_SYSTEM_ERR);
|
|
+ }
|
|
+
|
|
for (path = openpam_policy_path; *path != NULL; ++path) {
|
|
len = strlen(*path);
|
|
if ((*path)[len - 1] == '/') {
|