diff options
author | Ondrej Kos <okos@redhat.com> | 2013-06-24 16:58:23 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-18 16:04:42 +0200 |
commit | 3df593099ecb4b7570548bc14ca58960f79bc9b2 (patch) | |
tree | 02beb1d5a986bc769b1cc33fb0b34cf446f90d63 /src/responder/pam | |
parent | d1ccb40d426d7c67dfa0c86cdabbb3ed9a7585eb (diff) | |
download | sssd-3df593099ecb4b7570548bc14ca58960f79bc9b2.tar.gz sssd-3df593099ecb4b7570548bc14ca58960f79bc9b2.tar.bz2 sssd-3df593099ecb4b7570548bc14ca58960f79bc9b2.zip |
Do not try to set password when authtok_length is zero
https://fedorahosted.org/sssd/ticket/1814
When the authtok_length is zero, it shouldn't call
sss_authtok_set_password, because it tries to determine lenght of passed
string by itself and would read parts of DBus message behind boundaries
of authtok.
Diffstat (limited to 'src/responder/pam')
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index ff86a13a..bf9a6862 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -65,8 +65,12 @@ static int extract_authtok_v2(TALLOC_CTX *mem_ctx, struct sss_auth_token *tok, sss_authtok_set_empty(tok); break; case SSS_AUTHTOK_TYPE_PASSWORD: - ret = sss_authtok_set_password(tok, (const char *)auth_token_data, - auth_token_length); + if (auth_token_length == 0) { + sss_authtok_set_empty(tok); + } else { + ret = sss_authtok_set_password(tok, (const char *)auth_token_data, + auth_token_length); + } break; default: return EINVAL; |