OpenPAM/OpenPAM
OpenPAM
/
OpenPAM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
OpenPAM/lib/libpam
History
Dag-Erling Smørgrav 7dbd5c38b7 In openpam_parse_chain(): 
1. Finish a comment which was meant to describe the four different
   termination conditions for the loop in openpam_parse_chain() but
   ended in mid-sentence.

2. Ensure that errno is consistently set to EINVAL if a syntax error
   is encountered in the policy file.

3. If openpam_load_module() fails because the module could not be
   loaded, set errno to ENOEXEC instead of ENOENT.  This closes a hole
   where a missing module or a typo in a module name would cause the
   corresponding chain to fail open.  Normally, if the policy exists
   but cannot be loaded, openpam_load_chain() will return an error,
   and openpam_configure() will discard any partially constructed
   chains.  However, openpam_load_chain() interprets ENOENT to mean
   that the policy was not found, so it does not immediately return an
   error, the partially-loaded chain is not discarded, and the policy
   is incorrectly considered to have been successfully loaded.

4. Ensure that errors encountered while parsing an included policy are
   correctly propagated to the original policy, and that ENOENT while
   processing an include directive is a hard error, not a soft error.

CVE-2014-3879


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@795 185d5e19-27fe-0310-9dcf-9bff6b9f3609
 		2014-06-03 21:27:48 +00:00
..
Makefile.am Use dlfunc() if available; if not, fake it in terms of dlsym(). 2013-03-11 15:08:52 +00:00
openpam_asprintf.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_asprintf.h Reorganize: 2013-03-05 17:49:06 +00:00
openpam_borrow_cred.c PAM_LOG_DEBUG -> PAM_LOG_LIBDEBUG 2013-03-05 17:58:33 +00:00
openpam_check_owner_perms.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_configure.c In openpam_parse_chain(): 2014-06-03 21:27:48 +00:00
openpam_constants.c The --with-modules-dir configure option never quite worked, and became 2013-08-15 13:22:51 +00:00
openpam_constants.h Move openpam_policy_path into openpam_constants.c, and add a corresponding 2013-03-11 14:10:13 +00:00
openpam_cred.h Reorganize: 2013-03-05 17:49:06 +00:00
openpam_ctype.h Fix a bug in the is_upper() macro. 2014-02-26 16:23:22 +00:00
openpam_debug.h Reorganize: 2013-03-05 17:49:06 +00:00
openpam_dispatch.c PAM_LOG_DEBUG -> PAM_LOG_LIBDEBUG 2013-03-05 17:58:33 +00:00
openpam_dlfunc.h Use dlfunc() if available; if not, fake it in terms of dlsym(). 2013-03-11 15:08:52 +00:00
openpam_dynamic.c Log an error if open() failed for any other reason than ENOENT. 2013-04-14 14:49:59 +00:00
openpam_features.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_features.h Reorganize: 2013-03-05 17:49:06 +00:00
openpam_findenv.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_free_data.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_free_envlist.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_get_feature.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_get_option.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_impl.h Reorganize: 2013-03-05 17:49:06 +00:00
openpam_load.c unbreak static linking 2013-03-17 10:56:15 +00:00
openpam_log.c Document that openpam_log(3) saves and restores errno(2). 2013-07-11 16:36:02 +00:00
openpam_nullconv.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_readline.c Don't log the text we read, it may contain sensitive information (such 2013-08-16 11:57:54 +00:00
openpam_readlinev.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_readword.c Support line continuation in whitespace. 2014-03-17 14:11:41 +00:00
openpam_restore_cred.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_set_feature.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_set_option.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_static.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_straddch.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_strlcat.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_strlcat.h Reorganize: 2013-03-05 17:49:06 +00:00
openpam_strlcmp.h Reorganize: 2013-03-05 17:49:06 +00:00
openpam_strlcpy.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_strlcpy.h Reorganize: 2013-03-05 17:49:06 +00:00
openpam_subst.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_ttyconv.c caught_signal should be static; gcc doesn't seem to mind, whereas some 2013-09-07 19:25:57 +00:00
openpam_vasprintf.c Reorganize: 2013-03-05 17:49:06 +00:00
openpam_vasprintf.h Reorganize: 2013-03-05 17:49:06 +00:00
pam_acct_mgmt.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_authenticate.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_authenticate_secondary.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_chauthtok.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_close_session.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_end.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_error.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_get_authtok.c Document the effect of module options (echo_pass, *_prompt etc) 2013-03-17 19:26:07 +00:00
pam_get_data.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_get_item.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_get_mapped_authtok.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_get_mapped_username.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_get_user.c Document the effect of module options (echo_pass, *_prompt etc) 2013-03-17 19:26:07 +00:00
pam_getenv.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_getenvlist.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_info.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_open_session.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_prompt.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_putenv.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_set_data.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_set_item.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_set_mapped_authtok.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_set_mapped_username.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_setcred.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_setenv.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_acct_mgmt.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_authenticate.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_authenticate_secondary.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_chauthtok.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_close_session.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_get_mapped_authtok.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_get_mapped_username.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_open_session.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_set_mapped_authtok.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_set_mapped_username.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_sm_setcred.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_start.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_strerror.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_verror.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_vinfo.c Reorganize: 2013-03-05 17:49:06 +00:00
pam_vprompt.c Reorganize: 2013-03-05 17:49:06 +00:00