File: Avoid-segfault-on-unexpected-Joomla-hash-value.patch

pam-mysql 0.8.2-2
  • area: main
  • in suites: bookworm
  • size: 1,220 kB
  • sloc: ansic: 4,535; python: 102; makefile: 31
From: =?utf-8?q?Ferenc_W=C3=A1gner?= <wferi@debian.org>
Date: Mon, 16 Nov 2020 20:48:30 +0100
Subject: Avoid segfault on unexpected Joomla hash value

For example Joomla 3.2 uses crypt-like formats (like $P$...), which
aren't colon-separated, so salt becomes NULL and strlen() bombs.
---
 pam_mysql.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pam_mysql.c b/pam_mysql.c
index c2cc42b..f4dac29 100644
--- a/pam_mysql.c
+++ b/pam_mysql.c
@@ -3796,6 +3796,11 @@ static pam_mysql_err_t pam_mysql_check_passwd(pam_mysql_ctx_t *ctx,
                                 char *salt = row[0];
                                 char *hash = strsep(&salt,":");
 
+                                if (!salt) {
+                                    syslog(LOG_AUTHPRIV | LOG_WARNING, PAM_MYSQL_LOG_PREFIX "unknown hash format");
+                                    err = PAM_MYSQL_ERR_MISMATCH;
+                                    goto out;
+                                }
                                 int len = strlen(passwd)+strlen(salt);
 
                                 char *tmp;
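Review bot: The warning logged in the new `if (!salt)` branch says only "unknown hash format", which gives an administrator nothing to act on when every user with a crypt-style value such as `$P$...` is rejected. Consider stating what was expected, for example that the stored value has no ':' separating hash and salt, without logging the stored value itself. Returning PAM_MYSQL_ERR_MISMATCH also makes this case look like a wrong password to the caller; that fails closed, which is the right direction, but a short comment saying the choice is deliberate would help the next reader. The check does also cover a NULL row[0], since strsep() leaves salt NULL in that case too. Style: the block is now a statement placed ahead of the `int len` declaration, and its body is indented differently from the surrounding lines; moving the check below the declarations, or splitting `len` into a declaration and a later assignment, would keep the function consistent.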