rpms/pam
5
0
Fork 0
Code Issues Pull Requests Releases Activity

pam_pwhistory: fix passing NULL filename argument to pwhistory helper

Browse Source 
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
Iker Pedrosa 2023-10-19 17:21:30 +02:00
parent 554dc12e3d
commit ef58d71cf1
2 changed files with 70 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
pam-1.5.3-pwhistory-null-filename-arg.patch Normal file
View File

@ -0,0 +1,64 @@
From 80dc2d410595b5193d32f965185710df27f3984e Mon Sep 17 00:00:00 2001
From: Md Zain Hasib <hasibm@vmware.com>
Date: Sat, 29 Jul 2023 11:01:35 +0530
Subject: [PATCH] pam_pwhistory: fix passing NULL filename argument to
pwhistory helper
This change fixes a bug when pwhistory_helper is invoked from
pam_pwhistory with an NULL filename, pwhistory_helper receives a short
circuited argc count of 3, ignoring the rest of the arguments passed
due to filename being NULL. To resolve the issue, an empty string is
passed in case the filename is empty, which is later changed back to
NULL in pwhistory_helper so that it can be passed to opasswd to read
the default opasswd file.
* modules/pam_pwhistory/pam_pwhistory.c (run_save_helper,
run_check_helper): Replace NULL filename argument with an empty string.
* modules/pam_pwhistory/pwhistory_helper.c (main): Replace empty string
filename argument with NULL.
Fixes: 11c35109a67f ("pam_pwhistory: Enable alternate location for password history file (#396)")
Signed-off-by: Dmitry V. Levin <ldv@strace.io>
---
modules/pam_pwhistory/pam_pwhistory.c | 4 ++--
modules/pam_pwhistory/pwhistory_helper.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c
index 5a7fb811..98ddffce 100644
--- a/modules/pam_pwhistory/pam_pwhistory.c
+++ b/modules/pam_pwhistory/pam_pwhistory.c
@@ -141,7 +141,7 @@ run_save_helper(pam_handle_t *pamh, const char *user,
args[0] = (char *)PWHISTORY_HELPER;
args[1] = (char *)"save";
args[2] = (char *)user;
- args[3] = (char *)filename;
+ args[3] = (char *)((filename != NULL) ? filename : "");
DIAG_POP_IGNORE_CAST_QUAL;
if (asprintf(&args[4], "%d", howmany) < 0 ||
asprintf(&args[5], "%d", debug) < 0)
@@ -228,7 +228,7 @@ run_check_helper(pam_handle_t *pamh, const char *user,
args[0] = (char *)PWHISTORY_HELPER;
args[1] = (char *)"check";
args[2] = (char *)user;
- args[3] = (char *)filename;
+ args[3] = (char *)((filename != NULL) ? filename : "");
DIAG_POP_IGNORE_CAST_QUAL;
if (asprintf(&args[4], "%d", debug) < 0)
{
diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c
index 469d95fa..fb9a1e31 100644
--- a/modules/pam_pwhistory/pwhistory_helper.c
+++ b/modules/pam_pwhistory/pwhistory_helper.c
@@ -108,7 +108,7 @@ main(int argc, char *argv[])
option = argv[1];
user = argv[2];
- filename = argv[3];
+ filename = (argv[3][0] != '\0') ? argv[3] : NULL;
if (strcmp(option, "check") == 0 && argc == 5)
return check_history(user, filename, argv[4]);
--
2.41.0

7
pam.spec
View File

@ -4,7 +4,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.5.3 Version: 1.5.3
Release: 2%{?dist} Release: 3%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ # The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway. # - this option is redundant as the BSD license allows that anyway.
# pam_timestamp and pam_loginuid modules are GPLv2+. # pam_timestamp and pam_loginuid modules are GPLv2+.
@ -25,6 +25,7 @@ Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
Patch1: pam-1.5.3-redhat-modules.patch Patch1: pam-1.5.3-redhat-modules.patch
Patch2: pam-1.5.3-noflex.patch Patch2: pam-1.5.3-noflex.patch
Patch3: pam-1.5.3-unix-nomsg.patch Patch3: pam-1.5.3-unix-nomsg.patch
Patch4: pam-1.5.3-pwhistory-null-filename-arg.patch
%{load:%{SOURCE3}} %{load:%{SOURCE3}}
@ -118,6 +119,7 @@ cp %{SOURCE18} .
%patch -P 1 -p1 -b .redhat-modules %patch -P 1 -p1 -b .redhat-modules
%patch -P 2 -p1 -b .noflex %patch -P 2 -p1 -b .noflex
%patch -P 3 -p1 -b .nomsg %patch -P 3 -p1 -b .nomsg
%patch -P 4 -p1 -b .pwhistory-null-filename-arg
autoreconf -i autoreconf -i
@ -353,6 +355,9 @@ done
%{_pam_libdir}/libpam_misc.so.%{so_ver}* %{_pam_libdir}/libpam_misc.so.%{so_ver}*
%changelog %changelog
* Thu Oct 19 2023 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.3-3
- pam_pwhistory: fix passing NULL filename argument to pwhistory helper
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org>
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild