dd87776... by Tobias Stoeckmann <email address hidden>
pam_faildelay: validate parameter ranges
The function sscanf does not verify that a value parsed with %ld is
actually within the valid range of a long, allowing silent truncation.
When parsing FAIL_DELAY from login.defs, a mask of 0777 is applied
before performing range checks for strtol return value. Since this
mask does not make sense here, it is removed.
With these changes, values smaller than 0 or larger than UINT_MAX,
which is the actual limit for pam_fail_delay, are discarded and
logged.
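
The range check described in this commit message, as an added example that is not the commit's own code: the function names `parse_delay_masked` and `parse_delay_checked` are hypothetical, and base 10 and rejection of trailing characters are assumptions. The first function shows why masking with 0777 before the range check hides bad input; the second discards anything outside 0..UINT_MAX, the limit of the `unsigned int` argument of pam_fail_delay.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative "before": the mask runs first, so the range check that
 * follows can never see a negative or oversized value. */
static int parse_delay_masked(const char *s, long *out)
{
    char *end;
    long v = strtol(s, &end, 10) & 0777;    /* "-1" silently becomes 511 */

    if (end == s || *end != '\0' || v < 0)  /* v < 0 is now unreachable */
        return -1;
    *out = v;
    return 0;
}

/* Hardened: accept only complete numbers within 0..UINT_MAX. */
static int parse_delay_checked(const char *s, unsigned int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0')           /* no digits, or trailing junk */
        return -1;
    if (errno == ERANGE)                    /* value did not fit into a long */
        return -1;
    if (v < 0 || (unsigned long)v > UINT_MAX)
        return -1;                          /* caller discards and logs */
    *out = (unsigned int)v;
    return 0;
}

int main(void)
{
    /* Constructed sample values, as they might appear after FAIL_DELAY. */
    const char *samples[] = { "3000000", "-1", "4294967296", "12abc" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        long m = 0;
        unsigned int d = 0;
        int rm = parse_delay_masked(samples[i], &m);
        int rc = parse_delay_checked(samples[i], &d);
        printf("%-12s masked: rc=%d val=%ld  checked: rc=%d val=%u\n",
               samples[i], rm, m, rc, d);
    }
    return 0;
}
```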
9082c6c... by Tobias Stoeckmann <email address hidden>
libpam: check for INT_MAX limit in ioloop
The size arguments to pam_modutil_read and pam_modutil_write are of
type int. If a negative value is specified, fail with -1 instead of
returning 0, indicating "just" a short read or write.
1ece689... by Tobias Stoeckmann <email address hidden>
pam_nologin: prevent short read
If /etc/nologin is larger than INT_MAX, the error messages are
misleading. No unexpected internal read error occurs, but instead
the internal limitations are reached.
Indicate that the file is too large if it is larger than INT_MAX.
12e8290... by Tobias Stoeckmann <email address hidden>
pam_mkhomedir: do not follow symbolic links
Make sure that we do not follow any symbolic links within the home
directory of a user. If such a link exists, it must have been
created by someone else. Never follow them and just fail.