Commit fac1a692 authored by Lukas Braun's avatar Lukas Braun

pam: check received length before comparing response

parent 7247ffbe
......@@ -28,6 +28,9 @@ static const char arg_server[] = "server=";
static const char arg_port[] = "port=";
static const char arg_certs[] = "certs=";
static const char str_ok[] = "OK\n";
static const char str_fail[] = "FAIL\n";
#define dbgp(msg) do { \
if (cfg.debug) fprintf(stderr, "[%s:%s:%i] %s\n", __FILE__, __FUNCTION__, __LINE__, msg); \
} while(0)
......@@ -194,18 +197,19 @@ static int check_hotp(struct cfg cfg, const char *user, const char *hotp)
}
char buf[5];
if ((err = gnutls_record_recv(session, &buf, sizeof(buf) - 1)) < 0)
ssize_t recvd;
if ((recvd = gnutls_record_recv(session, &buf, sizeof(buf) - 1)) < 0)
{
dbgp2("error in send", gnutls_strerror(err));
dbgp2("error in send", gnutls_strerror((int)recvd));
err = PAM_AUTHINFO_UNAVAIL;
goto bye;
}
// auth succeeded?
if (!strncmp(buf, "OK", 2)) {
if (recvd >= strlen(str_ok) && !strncmp(buf, str_ok, strlen(str_ok))) {
dbgp("OK");
err = PAM_SUCCESS;
} else if (!strncmp(buf, "FAIL", 4)) {
} else if (recvd >= strlen(str_fail) && !strncmp(buf, str_fail, strlen(str_fail))) {
dbgp("FAIL");
err = PAM_AUTH_ERR;
} else {
......
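Review bot: The `FAIL` branch in the second hunk can no longer match: `buf` is declared `char buf[5]` and the receive is capped at `sizeof(buf) - 1`, i.e. 4 bytes, while `strlen(str_fail)` is 5, so `recvd >= strlen(str_fail)` is always false. A `FAIL\n` reply therefore falls through to the final `else`, whose body lies outside the hunk, so it is worth confirming that path still denies authentication. Sizing the buffer from the longest expected reply, e.g. `char buf[sizeof(str_fail)];`, lets the existing `sizeof(buf) - 1` read cover all 5 bytes. The two length checks also compare `ssize_t` with `size_t`; since `recvd` is known to be non-negative at that point, writing `(size_t)recvd >= strlen(str_ok)` makes the conversion explicit. check_hotp starts before this hunk and continues past it.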