diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2011-12-13 13:02:31 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2011-12-13 13:02:31 +0000 |
| commit | 6c13b056bbf6d5a2f5b66e2e796321b34139deaa (patch) | |
| tree | 0f81023597c4824f0fdc945e8a09fec3c46776c6 | |
| parent | 691c2aa20a3d9cf525de73f0b1d86417a56d6373 (diff) | |
| download | src-6c13b056bbf6d5a2f5b66e2e796321b34139deaa.tar.gz src-6c13b056bbf6d5a2f5b66e2e796321b34139deaa.zip | |
MFH r228384: validate the service name
Approved by: re (kib)
Security: some poorly thought out programs allow the user to specify
the service name; this patch makes it harder to trick these
programs into loading and executing arbitrary code.
Notes
Notes:
svn path=/releng/9.0/; revision=228465
| -rw-r--r-- | contrib/openpam/lib/openpam_configure.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/contrib/openpam/lib/openpam_configure.c b/contrib/openpam/lib/openpam_configure.c index f9197adcfa47..688b2acc50b9 100644 --- a/contrib/openpam/lib/openpam_configure.c +++ b/contrib/openpam/lib/openpam_configure.c @@ -285,6 +285,13 @@ openpam_load_chain(pam_handle_t *pamh, size_t len; int r; + /* don't allow to escape from policy_path */ + if (strchr(service, '/')) { + openpam_log(PAM_LOG_ERROR, "invalid service name: %s", + service); + return (-PAM_SYSTEM_ERR); + } + for (path = openpam_policy_path; *path != NULL; ++path) { len = strlen(*path); if ((*path)[len - 1] == '/') { |