authorDan McDonald <danmcd@joyent.com>2020-10-22 08:34:07 -0400
committerDan McDonald <danmcd@joyent.com>2020-10-22 11:29:34 -0400
commit479da4c8f65b092cf0955d62c52eabf6f1de90bb (patch)
tree5dee2235ae2a60ec0459b9f2a5ec9b00fc026a2d
parent54c8d80ce91aece72e185f6585e3ca8d62a0ea31 (diff)
13242 parse_user_name in PAM is sloppyrelease-20201022
Reviewed by: Alex Wilson <alex@cooperi.net> Approved by: Gordon Ross <gordon.w.ross@gmail.com>
-rw-r--r--usr/src/lib/libpam/pam_framework.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/usr/src/lib/libpam/pam_framework.c b/usr/src/lib/libpam/pam_framework.c
index b3340ffd5e..9c46218812 100644
--- a/usr/src/lib/libpam/pam_framework.c
+++ b/usr/src/lib/libpam/pam_framework.c
@@ -24,7 +24,7 @@
*/
/*
- * Copyright (c) 2019, Joyent, Inc.
+ * Copyright 2020, Joyent, Inc.
*/
#include <syslog.h>
@@ -656,9 +656,10 @@ parse_user_name(char *user_input, char **ret_username)
* - we skip leading whitespaces and ignore trailing whitespaces
*/
while (*ptr != '\0') {
- if ((*ptr == ' ') || (*ptr == '\t'))
+ if ((*ptr == ' ') || (*ptr == '\t') ||
+ (index >= PAM_MAX_RESP_SIZE)) {
break;
- else {
+ } else {
username[index] = *ptr;
index++;
ptr++;
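Review bot: The added `(index >= PAM_MAX_RESP_SIZE)` test stops the copy silently at the limit, and nothing in this hunk tells the reader that the over-long name is rejected rather than truncated; that only happens in the following hunk. A short comment above the test, such as `/* stop at the buffer limit; over-long names are rejected below */`, would make the intent clear. The declaration of `username` is outside the hunk, so it is worth confirming that the array is exactly `PAM_MAX_RESP_SIZE` bytes; if it is a local array, bounding by its own size would keep the check correct should the declaration ever change. parse_user_name's body starts before and continues after this hunk.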
@@ -666,9 +667,9 @@ parse_user_name(char *user_input, char **ret_username)
}
/* ret_username will be freed in pam_get_user(). */
- if ((*ret_username = malloc(index + 1)) == NULL)
+ if (index >= PAM_MAX_RESP_SIZE ||
+ (*ret_username = strdup(username)) == NULL)
return (PAM_BUF_ERR);
- (void) strcpy(*ret_username, username);
return (PAM_SUCCESS);
}
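Review bot: `strdup(username)` depends on `username` being NUL-terminated at `index`, but neither hunk writes a terminator, so the copy presumably relies on the buffer being zeroed before the loop, outside the visible lines; that should be confirmed. Using the length already computed removes the dependency: `(*ret_username = strndup(username, index)) == NULL)`. The over-long case now returns `PAM_BUF_ERR`, the same code as an allocation failure, and leaves `*ret_username` unassigned, so the comment above could say `/* PAM_BUF_ERR also covers an over-long name; *ret_username is not set in that case */`. Since pam_get_user() frees the pointer, it is worth checking that it is initialised to NULL on that path.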