Date:      Sat, 10 Dec 2011 01:44:24 +0000 (UTC)
From:      Dag-Erling Smorgrav <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r228384 - head/contrib/openpam/lib
Message-ID:  <201112100144.pBA1iOFS058630@svn.freebsd.org>

Author: des
Date: Sat Dec 10 01:44:24 2011
New Revision: 228384
URL: http://svn.freebsd.org/changeset/base/228384

Log:
  Add minimal validation of the service name to fend off at least one
  attack vector against applications that allow the applicant to specify
  which policy to apply.
  
  Submitted by:	Matthias Drochner <drochner@netbsd.org>
  MFC after:	1 week

Modified:
  head/contrib/openpam/lib/openpam_configure.c

Modified: head/contrib/openpam/lib/openpam_configure.c
==============================================================================
--- head/contrib/openpam/lib/openpam_configure.c	Sat Dec 10 01:01:44 2011	(r228383)
+++ head/contrib/openpam/lib/openpam_configure.c	Sat Dec 10 01:44:24 2011	(r228384)
@@ -285,6 +285,13 @@ openpam_load_chain(pam_handle_t *pamh,
 	size_t len;
 	int r;
 
+	/* don't allow to escape from policy_path */
+	if (strchr(service, '/')) {
+		openpam_log(PAM_LOG_ERROR, "invalid service name: %s",
+		    service);
+		return (-PAM_SYSTEM_ERR);
+	}
+
 	for (path = openpam_policy_path; *path != NULL; ++path) {
 		len = strlen(*path);
 		if ((*path)[len - 1] == '/') {
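Review bot: the new check only rejects a '/' anywhere in service, so the names "", "." and ".." still pass and are concatenated onto each entry of openpam_policy_path in the loop below; they can only resolve to a directory rather than a policy file, so they do no harm here, but an explicit `if (*service == '\0' || strcmp(service, ".") == 0 || strcmp(service, "..") == 0)` alongside the strchr would make the intent of the guard self-documenting and robust against later changes to how the path is built. Since the service name is applicant-supplied (per the log message), the `openpam_log(PAM_LOG_ERROR, "invalid service name: %s", service)` line writes an untrusted string verbatim into the log; consider truncating or escaping non-printable characters before logging so a crafted name cannot inject misleading lines into the PAM log. The return value `-PAM_SYSTEM_ERR` should also be checked against what the other error paths in openpam_load_chain return, since the hunk does not show the function's existing error convention.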