Date: Tue, 14 Nov 2017 10:49:07 +0000 (UTC) From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r325802 - stable/10/lib/libpam/modules/pam_unix Message-ID: <201711141049.vAEAn7TW084686@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Tue Nov 14 10:49:07 2017 New Revision: 325802 URL: https://svnweb.freebsd.org/changeset/base/325802 Log: MFH (r325010): don't bother verifying a password that we know is too long. Reported by: jkim@ Security: CVE-2016-6210 Modified: stable/10/lib/libpam/modules/pam_unix/pam_unix.c Directory Properties: stable/10/ (props changed) Modified: stable/10/lib/libpam/modules/pam_unix/pam_unix.c ============================================================================== --- stable/10/lib/libpam/modules/pam_unix/pam_unix.c Tue Nov 14 10:48:30 2017 (r325801) +++ stable/10/lib/libpam/modules/pam_unix/pam_unix.c Tue Nov 14 10:49:07 2017 (r325802) @@ -111,6 +111,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __un if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) && openpam_get_option(pamh, PAM_OPT_NULLOK)) return (PAM_SUCCESS); + PAM_LOG("Password is empty, using fake password"); realpw = "*"; } lc = login_getpwclass(pwd); @@ -125,6 +126,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __un if (retval != PAM_SUCCESS) return (retval); PAM_LOG("Got password"); + if (strnlen(pass, _PASSWORD_LEN + 1) > _PASSWORD_LEN) { + PAM_LOG("Password is too long, using fake password"); + realpw = "*"; + } if (strcmp(crypt(pass, realpw), realpw) == 0) return (PAM_SUCCESS);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201711141049.vAEAn7TW084686>