diff options
author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2018-09-04 10:51:41 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2018-09-04 10:51:41 +0000 |
commit | e165d7bc3934136f4e22d417d7f429fa4cdd87d2 (patch) | |
tree | 893af5ef9e310fbf316c605c34ee8c89f2159961 /lib/libpam | |
parent | ec86402ecd3a4a8a7bb8651914cdd913ebcd37a4 (diff) | |
download | src-e165d7bc3934136f4e22d417d7f429fa4cdd87d2.tar.gz src-e165d7bc3934136f4e22d417d7f429fa4cdd87d2.zip |
For full Linux-PAM compatibility, add a trailing NUL character when
passing the authentication token to the external program.
Approved by: re (kib)
Submitted by: Thomas Munro <munro@ip9.org>
MFC after: 1 week
Differential Revision: D16950
Notes
Notes:
svn path=/head/; revision=338453
Diffstat (limited to 'lib/libpam')
-rw-r--r-- | lib/libpam/modules/pam_exec/pam_exec.8 | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_exec/pam_exec.c | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/lib/libpam/modules/pam_exec/pam_exec.8 b/lib/libpam/modules/pam_exec/pam_exec.8 index bf8e22452435..a6836a0792c0 100644 --- a/lib/libpam/modules/pam_exec/pam_exec.8 +++ b/lib/libpam/modules/pam_exec/pam_exec.8 @@ -74,7 +74,8 @@ Ignored for compatibility reasons. Use the program exit status as the return code of the pam_sm_* function. It must be a valid return value for this function. .It Cm expose_authtok -Write the authentication token to the program's standard input stream. +Write the authentication token to the program's standard input stream, +followed by a NUL character. .It Cm -- Stop options parsing; program and its arguments follow. diff --git a/lib/libpam/modules/pam_exec/pam_exec.c b/lib/libpam/modules/pam_exec/pam_exec.c index 2b0e92914348..dc4a47e22c08 100644 --- a/lib/libpam/modules/pam_exec/pam_exec.c +++ b/lib/libpam/modules/pam_exec/pam_exec.c @@ -254,7 +254,8 @@ _pam_exec(pam_handle_t *pamh, } rc = pam_get_authtok(pamh, PAM_AUTHTOK, &authtok, NULL); if (rc == PAM_SUCCESS) { - authtok_size = strlen(authtok); + /* We include the trailing NUL-terminator. */ + authtok_size = strlen(authtok) + 1; } else { openpam_log(PAM_LOG_ERROR, "%s: pam_get_authtok(): %s", func, pam_strerror(pamh, rc)); |