authordes <des@FreeBSD.org>2011-12-10 01:44:24 +0000
committerdes <des@FreeBSD.org>2011-12-10 01:44:24 +0000
commitefab7408824b1779a2184b41a8d34e8bde3fadd0 (patch)
tree927411920adda6798264f3fcff6b6f8220d1e8c4 /contrib/openpam
parent339827a68844d90e04afce4a7094daeff19acef4 (diff)
Add minimal validation of the service name to fend off at least one
attack vector against applications that allow the applicant to specify which policy to apply. Submitted by: Matthias Drochner <drochner@netbsd.org> MFC after: 1 week
Diffstat (limited to 'contrib/openpam')
-rw-r--r--contrib/openpam/lib/openpam_configure.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/contrib/openpam/lib/openpam_configure.c b/contrib/openpam/lib/openpam_configure.c
index f9197ad..688b2ac 100644
--- a/contrib/openpam/lib/openpam_configure.c
+++ b/contrib/openpam/lib/openpam_configure.c
@@ -285,6 +285,13 @@ openpam_load_chain(pam_handle_t *pamh,
size_t len;
int r;
+ /* don't allow to escape from policy_path */
+ if (strchr(service, '/')) {
+ openpam_log(PAM_LOG_ERROR, "invalid service name: %s",
+ service);
+ return (-PAM_SYSTEM_ERR);
+ }
+
for (path = openpam_policy_path; *path != NULL; ++path) {
len = strlen(*path);
if ((*path)[len - 1] == '/') {
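Review bot: The added check at the top of openpam_load_chain is a deny-list of one character, so any other unexpected byte in `service` still reaches the path handling in the loop below, and the rejected value is written verbatim to the log through the `%s` in `openpam_log`. An allow-list states the intent more robustly and keeps control characters out of the log line, e.g. `if (service[strspn(service, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-")] != '\0') {`; whether an empty name should also be rejected is worth deciding explicitly. The comment could name what is being protected, for example `/* service is caller-supplied: reject '/' so it cannot name a file outside openpam_policy_path */`. The function body starts and ends outside this hunk, so how `service` is combined with each policy path is not visible here.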