svn commit: r228464 - stable/9/contrib/openpam/lib
Dag-Erling Smorgrav
des at FreeBSD.org
Tue Dec 13 12:59:39 UTC 2011
Author: des
Date: Tue Dec 13 12:59:39 2011
New Revision: 228464
URL: http://svn.freebsd.org/changeset/base/228464
Log:
MFH r228384: validate the service name
Approved by: re (kib)
Security: some poorly thought out programs allow the user to specify
the service name; this patch makes it harder to trick these
programs into loading and executing arbitrary code.
Modified:
stable/9/contrib/openpam/lib/openpam_configure.c
Directory Properties:
stable/9/contrib/openpam/ (props changed)
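To make the commit message concrete: openpam builds the policy file name by appending the caller-supplied service name to each directory in its search path, so a name such as "../../tmp/evil" escapes the policy directories and the attacker's own policy file can then name arbitrary modules to load. The following is an added example, not OpenPAM's code: a stricter whitelist validator than the single-character check in the patch, plus the path join the loop in the hunk performs. The search path, the allowed character set and the function names are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed search path for this example: one entry with a trailing slash,
 * one without, to exercise both branches of the join (assumption, not
 * openpam_policy_path itself). */
static const char *policy_path[] = { "/etc/pam.d/", "/usr/local/etc/pam.d", NULL };

/* Whitelist check: a service name must be non-empty, must not start with '.'
 * (rules out ".", ".." and hidden files) and may contain only [A-Za-z0-9._-].
 * This also rejects '/', the only character the patch itself checks for. */
int valid_service_name(const char *service)
{
    if (service == NULL || *service == '\0' || *service == '.')
        return 0;
    for (const char *p = service; *p != '\0'; ++p) {
        unsigned char c = (unsigned char)*p;
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Join one search-path directory with the service name, inserting a '/'
 * only when the directory does not already end in one. Returns 0 on success,
 * -1 if the name is rejected or the result would not fit in buf. */
int build_policy_file(const char *dir, const char *service, char *buf, size_t bufsz)
{
    if (!valid_service_name(service))
        return -1;
    size_t len = strlen(dir);
    const char *sep = (len > 0 && dir[len - 1] == '/') ? "" : "/";
    int n = snprintf(buf, bufsz, "%s%s%s", dir, sep, service);
    if (n < 0 || (size_t)n >= bufsz)
        return -1;
    return 0;
}

/* Walk the search path the way the loader does and report each candidate
 * file, or a rejection, for a few constructed service names. */
int main(void)
{
    const char *names[] = { "login", "sshd", "../../tmp/evil", "/tmp/evil", "..", "" };
    char buf[256];

    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); ++i) {
        if (!valid_service_name(names[i])) {
            printf("rejected service name: \"%s\"\n", names[i]);
            continue;
        }
        for (const char **dir = policy_path; *dir != NULL; ++dir) {
            if (build_policy_file(*dir, names[i], buf, sizeof(buf)) == 0)
                printf("candidate: %s\n", buf);
        }
    }
    return 0;
}
```

A whitelist is preferable to blacklisting '/' because it also stops names that are not traversal but still point outside the intended set of policy files, and because the rejected name is logged verbatim in the patch, which keeps odd characters out of the log as well.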
Modified: stable/9/contrib/openpam/lib/openpam_configure.c
==============================================================================
--- stable/9/contrib/openpam/lib/openpam_configure.c Tue Dec 13 11:54:51 2011 (r228463)
+++ stable/9/contrib/openpam/lib/openpam_configure.c Tue Dec 13 12:59:39 2011 (r228464)
@@ -285,6 +285,13 @@ openpam_load_chain(pam_handle_t *pamh,
size_t len;
int r;
+ /* don't allow to escape from policy_path */
+ if (strchr(service, '/')) {
+ openpam_log(PAM_LOG_ERROR, "invalid service name: %s",
+ service);
+ return (-PAM_SYSTEM_ERR);
+ }
+
for (path = openpam_policy_path; *path != NULL; ++path) {
len = strlen(*path);
if ((*path)[len - 1] == '/') {
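Review bot: the new check only rejects a '/' anywhere in service, so an empty name, "." or ".." still pass and the loop that follows will then join them onto each openpam_policy_path entry and try to open the policy directory itself or its parent rather than a policy file; suggest tightening it to a non-empty, no-leading-'.' whitelist of service-name characters (e.g. add `*service == '\0' || *service == '.'` to the condition) rather than a single blacklisted character. Two smaller points: the rejected name is passed straight to openpam_log, so an untrusted string reaches the log unfiltered, and for a caller-supplied bad service name PAM_SERVICE_ERR reads more naturally than PAM_SYSTEM_ERR. The comment would read better as "don't allow escaping from policy_path".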