5b6ef5fcbd
- fix CVE-2009-0579 (mininimum days for password change ignored) (#487216) - pam_access: improve handling of hostname resolution
103 lines
2.7 KiB
Diff
103 lines
2.7 KiB
Diff
--- libpam/pam_misc.c 6 Dec 2007 20:20:07 -0000 1.9
|
||
+++ libpam/pam_misc.c 25 Feb 2009 13:48:23 -0000
|
||
@@ -59,10 +59,11 @@
|
||
|
||
/* initialize table */
|
||
for (i=1; i<256; table[i++] = '\0');
|
||
- for (i=0; format[i] ; table[(int)format[i++]] = 'y');
|
||
+ for (i=0; format[i] ;
|
||
+ table[(unsigned char)format[i++]] = 'y');
|
||
|
||
/* look for first non-format char */
|
||
- while (*from && table[(int)*from]) {
|
||
+ while (*from && table[(unsigned char)*from]) {
|
||
++from;
|
||
}
|
||
|
||
@@ -92,7 +93,7 @@
|
||
remains */
|
||
} else if (*from) {
|
||
/* simply look for next blank char */
|
||
- for (end=from; *end && !table[(int)*end]; ++end);
|
||
+ for (end=from; *end && !table[(unsigned char)*end]; ++end);
|
||
} else {
|
||
return (*next = NULL); /* no tokens left */
|
||
}
|
||
--- tests/Makefile.am 2 Sep 2007 17:02:53 -0000 1.5
|
||
+++ tests/Makefile.am 25 Feb 2009 13:48:24 -0000
|
||
@@ -1,5 +1,5 @@
|
||
#
|
||
-# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de>
|
||
+# Copyright (c) 2006, 2009 Thorsten Kukuk <kukuk@suse.de>
|
||
#
|
||
|
||
AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \
|
||
@@ -11,9 +11,9 @@
|
||
TESTS = tst-pam_start tst-pam_end tst-pam_fail_delay tst-pam_open_session \
|
||
tst-pam_close_session tst-pam_acct_mgmt tst-pam_authenticate \
|
||
tst-pam_chauthtok tst-pam_setcred tst-pam_get_item tst-pam_set_item \
|
||
- tst-pam_getenvlist tst-pam_get_user tst-pam_set_data
|
||
+ tst-pam_getenvlist tst-pam_get_user tst-pam_set_data \
|
||
+ tst-pam_mkargv
|
||
|
||
check_PROGRAMS = ${TESTS} tst-dlopen
|
||
|
||
tst_dlopen_LDADD = -ldl
|
||
-
|
||
--- /dev/null 1 Jan 1970 00:00:00 -0000
|
||
+++ tests/tst-pam_mkargv.c 25 Feb 2009 13:48:24 -0000
|
||
@@ -0,0 +1,52 @@
|
||
+/*
|
||
+ Copyright (C) Thorsten Kukuk <kukuk@suse.de> 2009
|
||
+
|
||
+ This program is free software; you can redistribute it and/or modify
|
||
+ it under the terms of the GNU General Public License as published by
|
||
+ the Free Software Foundation in version 2 of the License
|
||
+
|
||
+*/
|
||
+
|
||
+#ifdef HAVE_CONFIG_H
|
||
+# include <config.h>
|
||
+#endif
|
||
+
|
||
+#include <stdio.h>
|
||
+
|
||
+#include "libpam/pam_misc.c"
|
||
+
|
||
+/* Simple program to see if _pam_mkargv() would succeed. */
|
||
+int main(void)
|
||
+{
|
||
+ char *argvstring = "user = XENDT\\userα user=XENDT\\user1";
|
||
+ const char *argvresult[] = {"user", "=", "XENDT\\userα",
|
||
+ "user=XENDT\\user1"};
|
||
+ int myargc;
|
||
+ char **myargv;
|
||
+ int argvlen;
|
||
+ int i;
|
||
+
|
||
+ argvlen = _pam_mkargv(argvstring, &myargv, &myargc);
|
||
+
|
||
+#if 0
|
||
+ printf ("argvlen=%i, argc=%i", argvlen, myargc);
|
||
+ for (i = 0; i < myargc; i++) {
|
||
+ printf(", argv[%d]=%s", i, myargv[i]);
|
||
+ }
|
||
+ printf ("\n");
|
||
+#endif
|
||
+
|
||
+ if (argvlen != 333)
|
||
+ return 1;
|
||
+
|
||
+ if (myargc != 4)
|
||
+ return 1;
|
||
+
|
||
+ for (i = 0; i < 4; i++)
|
||
+ {
|
||
+ if (strcmp (myargv[i], argvresult[i]) != 0)
|
||
+ return 1;
|
||
+ }
|
||
+
|
||
+ return 0;
|
||
+}
|
||
|