Sanitizing inputs on auth.c
author
Art Cancro
<ajc@citadel.org>
Fri, 25 Nov 2016 19:30:51 +0000
(14:30 -0500)
committer
Art Cancro
<ajc@citadel.org>
Fri, 25 Nov 2016 19:30:51 +0000
(14:30 -0500)
citadel/auth.c
diff --git
a/citadel/auth.c
b/citadel/auth.c
index 74fa9ebc321b6814ac3bab1bed45e6095b41d6a2..248b74bbea3162a2963e7a5ab8b3366fe0cff27a 100644
--- a/
citadel/auth.c
+++ b/
citadel/auth.c
@@
-3,7
+3,7
@@
* by Nathan Bryant, March 1999
* updated by Trey van Riper, June 2005
*
* by Nathan Bryant, March 1999
* updated by Trey van Riper, June 2005
*
- * Copyright (c) 1999-20
09
by the citadel.org team
+ * Copyright (c) 1999-20
16
by the citadel.org team
*
* This program is open source software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License, version 3.
*
* This program is open source software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License, version 3.
@@
-91,6
+91,10
@@
static int conv(int num_msg, const struct pam_message **msg,
int validate_password(uid_t uid, const char *pass)
{
int validate_password(uid_t uid, const char *pass)
{
+ if (pass == NULL) {
+ return(0);
+ }
+
#ifdef HAVE_PAM_START
struct pam_conv pc;
struct appdata data;
#ifdef HAVE_PAM_START
struct pam_conv pc;
struct appdata data;
@@
-105,7
+109,8
@@
int validate_password(uid_t uid, const char *pass)
struct passwd *pw;
int retval = 0;
struct passwd *pw;
int retval = 0;
- if ((pw = getpwuid(uid)) == NULL) {
+ pw = getpwuid(uid);
+ if (pw == NULL) {
return retval;
}
return retval;
}
@@
-115,30
+120,36
@@
int validate_password(uid_t uid, const char *pass)
int flags = PAM_DATA_SILENT;
#else
int flags = 0;
int flags = PAM_DATA_SILENT;
#else
int flags = 0;
-#endif
/* PAM_DATA_SILENT */
+#endif
pc.conv = conv;
pc.appdata_ptr = &data;
data.name = pw->pw_name;
data.pw = pass;
if (pam_start("citadel", pw->pw_name, &pc, &ph) != PAM_SUCCESS)
pc.conv = conv;
pc.appdata_ptr = &data;
data.name = pw->pw_name;
data.pw = pass;
if (pam_start("citadel", pw->pw_name, &pc, &ph) != PAM_SUCCESS)
- return
retval
;
+ return
(0)
;
- if ((i = pam_authenticate(ph, flags)) == PAM_SUCCESS)
- if ((i = pam_acct_mgmt(ph, flags)) == PAM_SUCCESS)
+ if ((i = pam_authenticate(ph, flags)) == PAM_SUCCESS)
{
+ if ((i = pam_acct_mgmt(ph, flags)) == PAM_SUCCESS)
{
retval = -1;
retval = -1;
+ }
+ }
pam_end(ph, i | flags);
#else
crypted_pwd = pw->pw_passwd;
#ifdef HAVE_GETSPNAM
pam_end(ph, i | flags);
#else
crypted_pwd = pw->pw_passwd;
#ifdef HAVE_GETSPNAM
- if ((sp = getspnam(pw->pw_name)) != NULL)
+ if (pw == NULL) return(0);
+ if (pw->pw_name == NULL) return(0);
+ if ((sp = getspnam(pw->pw_name)) != NULL) {
crypted_pwd = sp->sp_pwdp;
crypted_pwd = sp->sp_pwdp;
+ }
#endif
#endif
- if (!strcmp(crypt(pass, crypted_pwd), crypted_pwd))
+ if (!strcmp(crypt(pass, crypted_pwd), crypted_pwd))
{
retval = -1;
retval = -1;
+ }
#endif /* HAVE_PAM_START */
return retval;
#endif /* HAVE_PAM_START */
return retval;
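Review bot: In the non-PAM branch at the end of the last hunk, the return value of `crypt(pass, crypted_pwd)` still goes straight into `strcmp()`, so the input sanitizing stops one step short. `crypt()` is documented to return NULL on failure, and some libc versions do so for a salt they do not accept, which a locked or placeholder password field is likely to produce; a login attempt against such an account would then dereference NULL in the authentication path instead of being rejected. Keep the result and test it first: `const char *hashed = crypt(pass, crypted_pwd);` followed by `if (hashed != NULL && !strcmp(hashed, crypted_pwd)) {`, and treat a NULL `crypted_pwd` as a failed login in the same way. The added `if (pw == NULL) return(0);` under `HAVE_GETSPNAM` is redundant because `pw` is already checked right after `getpwuid()` in the previous hunk. The closing brace of `validate_password()` lies outside the hunk.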