
nss-pam-ldapd commit: r1382 - nss-pam-ldapd/nslcd


nss-pam-ldapd commit: r1382 - nss-pam-ldapd/nslcd



Author: arthur
Date: Wed Mar  9 23:32:30 2011
New Revision: 1382
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1382

Log:
properly handle user-not-found errors when doing authentication (CVE-2011-0438)

Modified:
   nss-pam-ldapd/nslcd/pam.c
   nss-pam-ldapd/nslcd/passwd.c

Modified: nss-pam-ldapd/nslcd/pam.c
==============================================================================
--- nss-pam-ldapd/nslcd/pam.c   Sun Mar  6 16:58:14 2011        (r1381)
+++ nss-pam-ldapd/nslcd/pam.c   Wed Mar  9 23:32:30 2011        (r1382)
@@ -2,7 +2,7 @@
    pam.c - pam processing routines
 
    Copyright (C) 2009 Howard Chu
-   Copyright (C) 2009, 2010 Arthur de Jong
+   Copyright (C) 2009, 2010, 2011 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -105,6 +105,8 @@
     entry=uid2entry(session,username,&rc);
     if (entry==NULL)
     {
+      if (rc==LDAP_SUCCESS)
+        rc=LDAP_NO_SUCH_OBJECT;
       log_log(LOG_WARNING,"\"%s\": user not found: 
%s",username,ldap_err2string(rc));
       return rc;
     }
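Review bot: The new `if (rc==LDAP_SUCCESS)` guard inside the `entry==NULL` branch has no comment saying why it exists, and it repeats the normalisation this same commit adds to uid2entry() in passwd.c. Because the branch ends in `return rc;`, a NULL entry paired with LDAP_SUCCESS would presumably be read by the caller as a found user, which is what the log message ties to CVE-2011-0438. I would record that above the guard with `/* never return LDAP_SUCCESS without an entry: the caller treats it as "user exists" */`. The enclosing function begins and ends outside the hunk, so how the return value is consumed should be confirmed there.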

Modified: nss-pam-ldapd/nslcd/passwd.c
==============================================================================
--- nss-pam-ldapd/nslcd/passwd.c        Sun Mar  6 16:58:14 2011        (r1381)
+++ nss-pam-ldapd/nslcd/passwd.c        Wed Mar  9 23:32:30 2011        (r1382)
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009, 2010 Arthur de Jong
+   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -300,7 +300,11 @@
   char filter[1024];
   /* if it isn't a valid username, just bail out now */
   if (!isvalidname(uid))
+  {
+    if (rcp!=NULL)
+      *rcp=LDAP_INVALID_SYNTAX;
     return NULL;
+  }
   /* set up attributes (we don't need much) */
   attrs[0]=attmap_passwd_uid;
   attrs[1]=attmap_passwd_uidNumber;
@@ -311,11 +315,17 @@
   {
     search=myldap_search(session,base,passwd_scope,filter,attrs,rcp);
     if (search==NULL)
+    {
+      if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS))
+        *rcp=LDAP_NO_SUCH_OBJECT;
       return NULL;
-    entry=myldap_get_entry(search,NULL);
+    }
+    entry=myldap_get_entry(search,rcp);
     if ((entry!=NULL)&&(entry_has_valid_uid(entry)))
       return entry;
   }
+  if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS))
+    *rcp=LDAP_NO_SUCH_OBJECT;
   return NULL;
 }
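Review bot: The final `if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS))` before `return NULL;` reads `*rcp` even when nothing in this function has written it, which looks possible if the search loop runs zero times (its header is outside the hunk). The outcome then depends on whatever the caller left in the variable, and the initialisation of `rc` in pam.c is not visible on this page. Setting a known value on entry, e.g. `if (rcp!=NULL) *rcp=LDAP_SUCCESS;` ahead of the `isvalidname(uid)` check in the previous hunk, would make all three NULL-return normalisations independent of the caller. A header comment stating that uid2entry() never returns NULL with `*rcp==LDAP_SUCCESS` would also document the contract that the pam.c guard backs up.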
 