~roguescholar/pam/+git/upstream:ldv/pam_pwhistory-pam_modutil_search_key

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

be9f2fc... by "Dmitry V. Levin" <email address hidden> on 2023-12-05

pam_pwhistory: fix memory leak on error path

* modules/pam_pwhistory/pwhistory_config.c (parse_config_file): Free
the result returned by pam_modutil_search_key when it becomes unused.

ebf711d... by Tobias Stoeckmann <email address hidden> on 2023-12-05

libpam_misc: use sig_atomic_t instead of int

Technically it's identical on pretty much all available systems,
but let's follow C specifications.

Signed-off-by: Tobias Stoeckmann <email address hidden>

36586fc... by Tobias Stoeckmann <email address hidden> on 2023-12-05

pam_setquota: plug memory leak

The result of pam_modutil_search_key must be freed.

Signed-off-by: Tobias Stoeckmann <email address hidden>

dd87776... by Tobias Stoeckmann <email address hidden> on 2023-12-05

pam_faildelay: validate parameter ranges

The function sscanf does not verify that a value parsed with %ld is
actually within the valid range of a long, allowing silent truncation.

When parsing FAIL_DELAY from login.defs, a mask of 0777 is applied
before performing range checks for strtol return value. Since this
mask does not make sense here, it is removed.

With these changes, values smaller than 0 or larger than UINT_MAX,
which is the actual limit for pam_fail_delay, are discarded and
logged.

Signed-off-by: Tobias Stoeckmann <email address hidden>

9082c6c... by Tobias Stoeckmann <email address hidden> on 2023-12-04

libpam: check for INT_MAX limit in ioloop

The size arguments to pam_modutil_read and pam_modutil_write are of
type int. If a negative value is specified, fail with -1 instead of
returning 0, indicating "just" a short read or write.

Signed-off-by: Tobias Stoeckmann <email address hidden>

54e4113... by Tobias Stoeckmann <email address hidden> on 2023-12-04

libpam: fix typos

Signed-off-by: Tobias Stoeckmann <email address hidden>

0779f46... by Tobias Stoeckmann <email address hidden> on 2023-12-04

pam_timestamp: check for ioloop errors

The pam_modutil_read and pam_modutil_write return values are signed.
Check for values smaller than 0 in case of errors.

Also limit key file sizes to INT_MAX due to internal limitations of
pam_modutil_read.

Signed-off-by: Tobias Stoeckmann <email address hidden>

1ece689... by Tobias Stoeckmann <email address hidden> on 2023-12-04

pam_nologin: prevent short read

If /etc/nologin is larger than INT_MAX, the error messages are
misleading. No unexpected internal read error occurs, but instead
the internal limitations are reached.

Indicate that the file is too large if it is larger than INT_MAX.

Signed-off-by: Tobias Stoeckmann <email address hidden>

40d8799... by Tobias Stoeckmann <email address hidden> on 2023-12-04

pam_echo: handle short reads

If the file parsed by pam_echo is larger than INT_MAX, then it is
possible that uninitialized memory is printed on screen.

The return value of pam_modutil_read is not negative if the size
argument (casted to an int) is negative. Instead 0 is returned.

This can also happen with any other file if a short read is triggered.

Check if file is fully parsed or not.

Signed-off-by: Tobias Stoeckmann <email address hidden>

12e8290... by Tobias Stoeckmann <email address hidden> on 2023-11-12

pam_mkhomedir: do not follow symbolic links

Make sure that we do not follow any symbolic links within the home
directory of a user. If such a link exists, it must have been
created by someone else. Never follow them and just fail.

Signed-off-by: Tobias Stoeckmann <email address hidden>