diff options
author | Mark Johnston <markj@FreeBSD.org> | 2021-02-23 22:01:29 +0000 |
---|---|---|
committer | Mark Johnston <markj@FreeBSD.org> | 2021-02-24 01:42:01 +0000 |
commit | f8e0874a2d975f98fd87a63460faa4f09f84b33c (patch) | |
tree | 2a20d95fd846ed106e0ace5b98ba3145ae19ebe5 | |
parent | 602f1da04217967e7627be3fe19a56098ad29b6f (diff) | |
download | src-f8e0874a2d975f98fd87a63460faa4f09f84b33c.tar.gz src-f8e0874a2d975f98fd87a63460faa4f09f84b33c.zip |
pam_login_access: Fix negative entry matching logic
PR: 252194
Approved by: so
Security: CVE-2020-25580
Security: FreeBSD-SA-21:03.pam_login_access
(cherry picked from commit 6ab923cbca8759503a08683a5978b9ebf5efd607)
(cherry picked from commit c99e3e2d96935ae4d61948bf7660e9b9c2afb4d9)
-rw-r--r-- | lib/libpam/modules/pam_login_access/login_access.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libpam/modules/pam_login_access/login_access.c b/lib/libpam/modules/pam_login_access/login_access.c index 9496081d362e..719808858dac 100644 --- a/lib/libpam/modules/pam_login_access/login_access.c +++ b/lib/libpam/modules/pam_login_access/login_access.c @@ -137,10 +137,10 @@ list_match(char *list, const char *item, if (match != NO) { while ((tok = strtok((char *) 0, listsep)) && strcmp(tok, "EXCEPT")) { /* VOID */ ; - if (tok == NULL || list_match((char *) 0, item, match_fn, - login_access_opts) == NO) { + } + if (tok == NULL || + list_match((char *) 0, item, match_fn, login_access_opts) == NO) { return (match); - } } } return (NO); |