pam/pam_modutil_check_user_in_passwd-avoid-timing-attack.patch


From efd2a79c11982d0feebebbf740506c9555120b97 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Tue, 16 Jun 2020 15:00:00 +0000
Subject: [PATCH] pam_modutil_check_user_in_passwd: avoid timing attacks
* libpam/pam_modutil_check_user.c (pam_modutil_check_user_in_passwd): Do
not exit the file reading loop when the user is found; keep reading
the file to avoid timing attacks.
---
libpam/pam_modutil_check_user.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libpam/pam_modutil_check_user.c b/libpam/pam_modutil_check_user.c
index 898b13a..cf1bd1b 100644
--- a/libpam/pam_modutil_check_user.c
+++ b/libpam/pam_modutil_check_user.c
@@ -60,7 +60,9 @@ pam_modutil_check_user_in_passwd(pam_handle_t *pamh,
if (strncmp(user_name, line, user_len) == 0 &&
line[user_len] == ':') {
rc = PAM_SUCCESS;
- break;
+ /*
+ * Continue reading the file to avoid timing attacks.
+ */
}
/* Has a newline been read? */
line_len = strlen(line);
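Review bot: Removing the `break` changes the result for an existing user when something goes wrong later in the scan: previously a match returned PAM_SUCCESS at once, but now any error path in the remainder of the loop can overwrite `rc = PAM_SUCCESS`, so the answer for a user who is present may depend on I/O problems in the rest of the file. The tail of the loop and its error handling are outside this hunk, so whether `rc` is actually clobbered cannot be confirmed here, but it should be checked and, if it is, the success value preserved (or the changed contract documented). The added comment would be more useful if it said what is being protected, e.g. `/* Keep reading to EOF even after a match: an early exit makes the lookup time depend on whether (and where) the user appears in the file, which could be observed as a user-enumeration oracle. */`. Note that the per-line `strncmp` comparison on the context line above remains data-dependent, so this equalises the dominant file-scan cost rather than making the lookup fully constant-time. pam_modutil_check_user_in_passwd begins before and ends after this hunk.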
--
1.8.3.1