d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

If the user-provided password exceeds the maximum password length, don't

Browse Source 
bother passing it to crypt().  It won't succeed and may allow an attacker
to confirm that the user exists.

Reported by:	jkim@
MFC after:	1 week
Security:	CVE-2016-6210
This commit is contained in:
Dag-Erling Smørgrav 2017-10-26 13:23:13 +00:00
parent 0d73fface2
commit 79b67c8d4a
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/libpam/modules/pam_unix/pam_unix.c
View File

@ -111,6 +111,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
openpam_get_option(pamh, PAM_OPT_NULLOK))
return (PAM_SUCCESS);
PAM_LOG("Password is empty, using fake password");
realpw = "*";
}
lc = login_getpwclass(pwd);
@ -125,6 +126,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
if (retval != PAM_SUCCESS)
return (retval);
PAM_LOG("Got password");
if (strnlen(pass, _PASSWORD_LEN + 1) > _PASSWORD_LEN) {
PAM_LOG("Password is too long, using fake password");
realpw = "*";
}
if (strcmp(crypt(pass, realpw), realpw) == 0)
return (PAM_SUCCESS);