Monday, May 20, 2019

[389-commits] [389-ds-base] branch 389-ds-base-1.3.9 updated: Ticket 50396 - Crash in PAM plugin when user does not exist

This is an automated email from the git hooks/post-receive script.

mreynolds pushed a commit to branch 389-ds-base-1.3.9
in repository 389-ds-base.

The following commit(s) were added to refs/heads/389-ds-base-1.3.9 by this push:
new 8b279b4 Ticket 50396 - Crash in PAM plugin when user does not exist
8b279b4 is described below

commit 8b279b4923bbbc01cc616d8d431941463cb1665c
Author: Mark Reynolds <mreynolds@redhat.com>
AuthorDate: Mon May 20 15:06:54 2019 -0400

Ticket 50396 - Crash in PAM plugin when user does not exist

Description: pam passthru & addn plugin causes crash in bind when
user does not exist. Need to make sure we don't
dereference NULL pointer.

https://pagure.io/389-ds-base/issue/50396

Reviewed by: mreynolds & tbordaz

(cherry picked from commit 0935b8af6c8925c7a79a0a22103142ef5f7c5960)
---
ldap/servers/plugins/pam_passthru/pam_ptpreop.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
index de9448b..b62c3c6 100644
--- a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
+++ b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
@@ -436,8 +436,9 @@ pam_passthru_bindpreop(Slapi_PBlock *pb)
* We only handle simple bind requests that include non-NULL binddn and
* credentials. Let the Directory Server itself handle everything else.
*/
- if ((method != LDAP_AUTH_SIMPLE) || (*normbinddn == '\0') ||
- (creds->bv_len == 0)) {
+ if (method != LDAP_AUTH_SIMPLE || normbinddn == NULL ||
+ *normbinddn == '\0' || creds->bv_len == 0)
+ {
slapi_log_err(SLAPI_LOG_PLUGIN, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
"pam_passthru_bindpreop - Not handled (not simple bind or NULL dn/credentials)\n");
return retcode;

--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
389-commits mailing list -- 389-commits@lists.fedoraproject.org
To unsubscribe send an email to 389-commits-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-commits@lists.fedoraproject.org
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)