rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-08 03:54:18 +01:00
Code Issues Projects Releases Wiki Activity

Verify that challenge-response file is a normal file.

Browse Source
This commit is contained in:
Fredrik Thulin 2011-11-23 13:55:44 +01:00
parent d4acd495f0
commit 94885d2d48
1 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
pam_yubico.c
View File

@ -439,7 +439,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
char *userfile = NULL, *tmpfile = NULL; char *userfile = NULL, *tmpfile = NULL;
FILE *f = NULL; FILE *f = NULL;
unsigned char buf[CR_RESPONSE_SIZE + 16], response_hex[CR_RESPONSE_SIZE * 2 + 1]; unsigned char buf[CR_RESPONSE_SIZE + 16], response_hex[CR_RESPONSE_SIZE * 2 + 1];
int ret; int ret, fd;
unsigned int flags = 0; unsigned int flags = 0;
unsigned int response_len = 0; unsigned int response_len = 0;
@ -451,6 +451,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
char *errstr = NULL; char *errstr = NULL;
struct passwd *p; struct passwd *p;
struct stat st;
ret = PAM_AUTH_ERR; ret = PAM_AUTH_ERR;
flags |= YK_FLAG_MAYBLOCK; flags |= YK_FLAG_MAYBLOCK;
@ -485,8 +486,30 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
goto out; goto out;
} }
/* XXX may want to check that userfile is a regular file. */ fd = open(userfile, O_RDONLY, 0);
f = fopen(userfile, "r"); if (fd < 0) {
DBG (("Cannot open file: %s (%s)", userfile, strerror(errno)));
goto out;
}
if (fstat(fd, &st) < 0) {
DBG (("Cannot stat file: %s (%s)", userfile, strerror(errno)));
close(fd);
goto out;
}
if (!S_ISREG(st.st_mode)) {
DBG (("%s is not a regular file", userfile));
close(fd);
goto out;
}
f = fdopen(fd, "r");
if (f == NULL) {
DBG (("fdopen: %s", strerror(errno)));
close(fd);
goto out;
}
if (! load_chalresp_state(f, &state)) if (! load_chalresp_state(f, &state))
goto out; goto out;