author | Ondrej Kos <okos@redhat.com> | 2013-06-24 16:58:23 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-18 16:06:07 +0200 |
commit | 1040b33d3ddc361b821a689162f66727fca6709d (patch) | |
tree | dd14cdbb5ac28ae741ec67840f3dcae5102b49cc /src/responder/pam | |
parent | 800c9402f74b1587aeddeb8160fb7d775b7cde25 (diff) | |
Do not try to set password when authtok_length is zero
https://fedorahosted.org/sssd/ticket/1814
When the authtok_length is zero, it shouldn't call
sss_authtok_set_password, because it tries to determine length of passed
string by itself and would read parts of DBus message behind boundaries
of authtok.
Diffstat (limited to 'src/responder/pam')
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index ff86a13a5..bf9a68623 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -65,8 +65,12 @@ static int extract_authtok_v2(TALLOC_CTX *mem_ctx, struct sss_auth_token *tok, sss_authtok_set_empty(tok); break; case SSS_AUTHTOK_TYPE_PASSWORD: - ret = sss_authtok_set_password(tok, (const char *)auth_token_data, - auth_token_length); + if (auth_token_length == 0) { + sss_authtok_set_empty(tok); + } else { + ret = sss_authtok_set_password(tok, (const char *)auth_token_data, + auth_token_length); + } break; default: return EINVAL; |
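Review bot: in the new `if (auth_token_length == 0)` branch of `case SSS_AUTHTOK_TYPE_PASSWORD:`, `ret` is never assigned, while the `else` branch sets it from `sss_authtok_set_password`. The initialization of `ret` is outside the visible lines, so please confirm it holds a success value before the switch, or assign one explicitly next to `sss_authtok_set_empty(tok);`, so that a zero-length password token cannot return a stale or uninitialized code. A one-line comment in that branch saying why zero length is special (the callee determines the string length itself and would read past the authtok inside the DBus message, per the commit message) would keep a later cleanup from folding the check away. Note also that a password-type token of length zero now ends up stored as an empty token, the same as the case above it, so callers that tell the two types apart will see a change; if that is intended, it is worth stating in the commit message.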