summaryrefslogtreecommitdiff
path: root/src/responder/pam
diff options
context:
space:
mode:
authorOndrej Kos <okos@redhat.com>2013-06-24 16:58:23 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-07-18 16:04:42 +0200
commit3df593099ecb4b7570548bc14ca58960f79bc9b2 (patch)
tree02beb1d5a986bc769b1cc33fb0b34cf446f90d63 /src/responder/pam
parentd1ccb40d426d7c67dfa0c86cdabbb3ed9a7585eb (diff)
downloadsssd-3df593099ecb4b7570548bc14ca58960f79bc9b2.tar.gz
sssd-3df593099ecb4b7570548bc14ca58960f79bc9b2.tar.bz2
sssd-3df593099ecb4b7570548bc14ca58960f79bc9b2.zip
Do not try to set password when authtok_length is zero
https://fedorahosted.org/sssd/ticket/1814 When the authtok_length is zero, it shouldn't call sss_authtok_set_password, because it tries to determine lenght of passed string by itself and would read parts of DBus message behind boundaries of authtok.
Diffstat (limited to 'src/responder/pam')
-rw-r--r--src/responder/pam/pamsrv_cmd.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index ff86a13a..bf9a6862 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -65,8 +65,12 @@ static int extract_authtok_v2(TALLOC_CTX *mem_ctx, struct sss_auth_token *tok,
sss_authtok_set_empty(tok);
break;
case SSS_AUTHTOK_TYPE_PASSWORD:
- ret = sss_authtok_set_password(tok, (const char *)auth_token_data,
- auth_token_length);
+ if (auth_token_length == 0) {
+ sss_authtok_set_empty(tok);
+ } else {
+ ret = sss_authtok_set_password(tok, (const char *)auth_token_data,
+ auth_token_length);
+ }
break;
default:
return EINVAL;