Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Feb 2021 01:42:11 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: f8e0874a2d97 - releng/12.2 - pam_login_access: Fix negative entry matching logic
Message-ID:  <202102240142.11O1gBhj054781@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch releng/12.2 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=f8e0874a2d975f98fd87a63460faa4f09f84b33c

commit f8e0874a2d975f98fd87a63460faa4f09f84b33c
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-02-23 22:01:29 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-02-24 01:42:01 +0000

    pam_login_access: Fix negative entry matching logic
    
    PR:             252194
    Approved by:    so
    Security:       CVE-2020-25580
    Security:       FreeBSD-SA-21:03.pam_login_access
    
    (cherry picked from commit 6ab923cbca8759503a08683a5978b9ebf5efd607)
    (cherry picked from commit c99e3e2d96935ae4d61948bf7660e9b9c2afb4d9)
---
 lib/libpam/modules/pam_login_access/login_access.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/libpam/modules/pam_login_access/login_access.c b/lib/libpam/modules/pam_login_access/login_access.c
index 9496081d362e..719808858dac 100644
--- a/lib/libpam/modules/pam_login_access/login_access.c
+++ b/lib/libpam/modules/pam_login_access/login_access.c
@@ -137,10 +137,10 @@ list_match(char *list, const char *item,
     if (match != NO) {
 	while ((tok = strtok((char *) 0, listsep)) && strcmp(tok, "EXCEPT")) {
 	     /* VOID */ ;
-	    if (tok == NULL || list_match((char *) 0, item, match_fn,
-		login_access_opts) == NO) {
+	}
+	if (tok == NULL ||
+	    list_match((char *) 0, item, match_fn, login_access_opts) == NO) {
 		return (match);
-	    }
 	}
     }
     return (NO);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202102240142.11O1gBhj054781>