$NetBSD: patch-am,v 1.3 2011/11/28 15:26:26 drochner Exp $
protect against CVE-2011-4122
--- helpers/basic_auth/PAM/pam_auth.c.orig 2005-05-17 16:56:25.000000000 +0000
+++ helpers/basic_auth/PAM/pam_auth.c
@@ -188,6 +188,11 @@ start:
exit(1);
}
+ if (strchr(service, '/')) {
+ fprintf(stderr, "Illegal service '%s'\n", service);
+ exit(1);
+ }
+
while (fgets(buf, BUFSIZE, stdin)) {
user = buf;
password = strchr(buf, '\n');
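Review bot: The added `strchr(service, '/')` guard carries no comment saying why a slash is refused, so a later cleanup could drop it as arbitrary. I would put `/* A service name containing '/' may be resolved as a path by the PAM library (CVE-2011-4122); refuse it before it is handed to PAM. */` directly above the `if`. The check sits after the `start:` label and before the `fgets` loop, so it runs once at startup. That is the right place provided `service` is not reassigned later, which needs confirming because the rest of the function is outside the hunk. The guard also covers only this helper, so other callers of the same PAM library presumably still depend on a fix in the library itself; treat this as defence in depth.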