eec4358...
by
Tobias Stoeckmann <email address hidden>
pam_limits: avoid sscanf in parse_config_file
Even though sscanf is easy to use for scanning strings, it has the
drawback that the required memory has to be allocated beforehand.
Since variable "line" is not accessed anymore after sscanf, it is
easier to point into the memory assigned to "line". The function
strtok_r can be used as a replacement for sscanf.
525a62a...
by
Tobias Stoeckmann <email address hidden>
pam_unix: simplify save_old_password
The combination of snprintf and fputs is not needed. It is possible to
call fprintf directly. The previously ignored return value of snprintf
is covered this way as well.
cf492d0...
by
"Dmitry V. Levin" <email address hidden>
treewide: assume getline exists
Apparently, getline is being used unconditionally in pam_namespace and
pam_sepermit. In pam_namespace, it is being used since 2006 when the
module was introduced in the first place.
Let's assume getline is universally available and let's use it
unconditionally in other cases, too.
2c711ce...
by
Tobias Stoeckmann <email address hidden>
pam_unix: fix possible shadow signed overflows
It is possible to trigger signed integer overflows in
check_shadow_expiry if /etc/shadow contains very large values.
Since these values have to be set by a system administrator, it would
already count as a configuration error.
Yet, avoid overflows which would consider accounts which are supposed
to be valid for a veeery long time as already invalid. Also, it would
be undefined behavior for almost all C standards.
Also consider every negative value as invalid, not just -1. The shadow
project has different ways of handling these values, but this approach
is in sync with its lib/isexpired.c implementation.