Validate the service name, closing an attack vector for programs like
kcheckpass that let the user specify which policy to apply. See <URL:http://c-skills.blogspot.com/2011/11/openpam-trickery.html>. git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@497 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
026c898ec5
commit
b9f0b632da
|
@ -556,6 +556,11 @@ openpam_configure(pam_handle_t *pamh,
|
|||
const char *service)
|
||||
{
|
||||
pam_facility_t fclt;
|
||||
const char *p;
|
||||
|
||||
for (p = service; *p; ++p)
|
||||
if (!is_pfcs(*p))
|
||||
return (PAM_SYSTEM_ERR);
|
||||
|
||||
if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) != PAM_SUCCESS)
|
||||
goto load_err;
|
||||
|
|
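Review bot: The new loop in openpam_configure still accepts an empty service name, because its body never runs when `*service` is `'\0'`, and it dereferences `service` with no NULL check. If is_pfcs admits `.` (as the portable filename character set does; its definition is not shown here), the names `.` and `..` also pass and reach openpam_load_chain. Consider guarding first with `if (service == NULL || *service == '\0') return (PAM_SYSTEM_ERR);`. The rejection is also silent; a line such as `openpam_log(PAM_LOG_ERROR, "invalid service name");` before the return would make a rejected policy name visible in logs without echoing the untrusted string. The function body continues outside the hunk.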