Skip to content
Permalink
Browse files Browse the repository at this point in the history
13242 parse_user_name in PAM is sloppy
Reviewed by: Alex Wilson <alex@cooperi.net>
Approved by: Gordon Ross <gordon.w.ross@gmail.com>
  • Loading branch information
Dan McDonald committed Oct 22, 2020
1 parent 549e0fd commit 1d276e0
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions usr/src/lib/libpam/pam_framework.c
Expand Up @@ -24,7 +24,7 @@
*/

/*
* Copyright (c) 2019, Joyent, Inc.
* Copyright 2020, Joyent, Inc.
*/

#include <syslog.h>
Expand Down Expand Up @@ -656,19 +656,20 @@ parse_user_name(char *user_input, char **ret_username)
* - we skip leading whitespaces and ignore trailing whitespaces
*/
while (*ptr != '\0') {
if ((*ptr == ' ') || (*ptr == '\t'))
if ((*ptr == ' ') || (*ptr == '\t') ||
(index >= PAM_MAX_RESP_SIZE)) {
break;
else {
} else {
username[index] = *ptr;
index++;
ptr++;
}
}

/* ret_username will be freed in pam_get_user(). */
if ((*ret_username = malloc(index + 1)) == NULL)
if (index >= PAM_MAX_RESP_SIZE ||
(*ret_username = strdup(username)) == NULL)
return (PAM_BUF_ERR);
(void) strcpy(*ret_username, username);
return (PAM_SUCCESS);
}

Expand Down

0 comments on commit 1d276e0

Please sign in to comment.