From owner-svn-src-all@freebsd.org  Tue Nov 14 10:49:08 2017
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 62D87DBAB86;
 Tue, 14 Nov 2017 10:49:08 +0000 (UTC) (envelope-from des@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 2C8E4798DB;
 Tue, 14 Nov 2017 10:49:08 +0000 (UTC) (envelope-from des@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id vAEAn7rw084687;
 Tue, 14 Nov 2017 10:49:07 GMT (envelope-from des@FreeBSD.org)
Received: (from des@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id vAEAn7TW084686;
 Tue, 14 Nov 2017 10:49:07 GMT (envelope-from des@FreeBSD.org)
Message-Id: <201711141049.vAEAn7TW084686@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: des set sender to des@FreeBSD.org
 using -f
From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>
Date: Tue, 14 Nov 2017 10:49:07 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r325802 - stable/10/lib/libpam/modules/pam_unix
X-SVN-Group: stable-10
X-SVN-Commit-Author: des
X-SVN-Commit-Paths: stable/10/lib/libpam/modules/pam_unix
X-SVN-Commit-Revision: 325802
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 10:49:08 -0000

Author: des
Date: Tue Nov 14 10:49:07 2017
New Revision: 325802
URL: https://svnweb.freebsd.org/changeset/base/325802

Log:
  MFH (r325010): don't bother verifying a password that we know is too long.
  
  Reported by:	jkim@
  Security:	CVE-2016-6210

Modified:
  stable/10/lib/libpam/modules/pam_unix/pam_unix.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/lib/libpam/modules/pam_unix/pam_unix.c
==============================================================================
--- stable/10/lib/libpam/modules/pam_unix/pam_unix.c	Tue Nov 14 10:48:30 2017	(r325801)
+++ stable/10/lib/libpam/modules/pam_unix/pam_unix.c	Tue Nov 14 10:49:07 2017	(r325802)
@@ -111,6 +111,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __un
 			if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
 			    openpam_get_option(pamh, PAM_OPT_NULLOK))
 				return (PAM_SUCCESS);
+			PAM_LOG("Password is empty, using fake password");
 			realpw = "*";
 		}
 		lc = login_getpwclass(pwd);
@@ -125,6 +126,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __un
 	if (retval != PAM_SUCCESS)
 		return (retval);
 	PAM_LOG("Got password");
+	if (strnlen(pass, _PASSWORD_LEN + 1) > _PASSWORD_LEN) {
+		PAM_LOG("Password is too long, using fake password");
+		realpw = "*";
+	}
 	if (strcmp(crypt(pass, realpw), realpw) == 0)
 		return (PAM_SUCCESS);