Verify the otp_length given by the configuration

Avoid out-of-bounds writing at line -920,1 +927,1:
strncpy (otp_id, password + skip_bytes, cfg->token_id_length);
1 parent 2e9adfa commit 96252b6f2b259ed4cfb1d6b531067c2de54268ad @Feandil Feandil committed Aug 6, 2012
Showing with 7 additions and 0 deletions.
  1. +7 −0 pam_yubico.c
7 pam_yubico.c
@@ -781,6 +781,13 @@ pam_sm_authenticate (pam_handle_t * pamh,
parse_cfg (flags, argc, argv, cfg);
+ if (cfg->token_id_length > MAX_TOKEN_ID_LEN)
+ {
+ DBG (("configuration error: token_id_length too long. Maximum acceptable value : %d", MAX_TOKEN_ID_LEN));
+ retval = PAM_AUTHINFO_UNAVAIL;
+ goto done;
+ }
+
retval = pam_get_user (pamh, &user, NULL);
if (retval != PAM_SUCCESS)
{
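Review bot: The new bound check reports the configuration error only through DBG, so with debugging disabled the module fails authentication with no indication of why; log the rejected token_id_length at error level as well inside the `if (cfg->token_id_length > MAX_TOKEN_ID_LEN)` branch. The check also only rejects values above the maximum; if the option parser can produce a zero or negative token_id_length, the later `strncpy (otp_id, password + skip_bytes, cfg->token_id_length)` named in the commit message would still receive a bad length, so consider rejecting those too. Minor: PAM_AUTHINFO_UNAVAIL signals an unreachable authentication backend rather than a bad module option, and the DBG message has a stray space before the colon in `Maximum acceptable value : %d`.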
