aboutsummaryrefslogtreecommitdiff
path: root/share/security/patches/SA-11:10/pam.patch
diff options
context:
space:
mode:
Diffstat (limited to 'share/security/patches/SA-11:10/pam.patch')
-rw-r--r--share/security/patches/SA-11:10/pam.patch18
1 files changed, 18 insertions, 0 deletions
diff --git a/share/security/patches/SA-11:10/pam.patch b/share/security/patches/SA-11:10/pam.patch
new file mode 100644
index 0000000000..a8d38235e8
--- /dev/null
+++ b/share/security/patches/SA-11:10/pam.patch
@@ -0,0 +1,18 @@
+Index: contrib/openpam/lib/openpam_configure.c
+===================================================================
+--- contrib/openpam/lib/openpam_configure.c (revision 228383)
++++ contrib/openpam/lib/openpam_configure.c (revision 228384)
+@@ -285,6 +285,13 @@
+ size_t len;
+ int r;
+
++ /* don't allow to escape from policy_path */
++ if (strchr(service, '/')) {
++ openpam_log(PAM_LOG_ERROR, "invalid service name: %s",
++ service);
++ return (-PAM_SYSTEM_ERR);
++ }
++
+ for (path = openpam_policy_path; *path != NULL; ++path) {
+ len = strlen(*path);
+ if ((*path)[len - 1] == '/') {
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 08:01:54 +0000