|
|
d0a457 |
From 6984b34fe496d696e37f003dbf57a5ca1b5899ea Mon Sep 17 00:00:00 2001
|
|
|
d0a457 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
d0a457 |
Date: Mon, 20 May 2019 15:06:54 -0400
|
|
|
d0a457 |
Subject: [PATCH] Ticket 50396 - Crash in PAM plugin when user does not exist
|
|
|
d0a457 |
|
|
|
d0a457 |
Description: pam passthru & addn plugin causes crash in bind when
|
|
|
d0a457 |
user does not exist. Need to make sure we don't
|
|
|
d0a457 |
dereference NULL pointer.
|
|
|
d0a457 |
|
|
|
d0a457 |
https://pagure.io/389-ds-base/issue/50396
|
|
|
d0a457 |
|
|
|
d0a457 |
Reviewed by: mreynolds & tbordaz
|
|
|
d0a457 |
|
|
|
d0a457 |
(cherry picked from commit 0935b8af6c8925c7a79a0a22103142ef5f7c5960)
|
|
|
d0a457 |
---
|
|
|
d0a457 |
ldap/servers/plugins/pam_passthru/pam_ptpreop.c | 5 +++--
|
|
|
d0a457 |
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
d0a457 |
|
|
|
d0a457 |
diff --git a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
|
|
|
d0a457 |
index de9448b90..b62c3c6b6 100644
|
|
|
d0a457 |
--- a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
|
|
|
d0a457 |
+++ b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
|
|
|
d0a457 |
@@ -436,8 +436,9 @@ pam_passthru_bindpreop(Slapi_PBlock *pb)
|
|
|
d0a457 |
* We only handle simple bind requests that include non-NULL binddn and
|
|
|
d0a457 |
* credentials. Let the Directory Server itself handle everything else.
|
|
|
d0a457 |
*/
|
|
|
d0a457 |
- if ((method != LDAP_AUTH_SIMPLE) || (*normbinddn == '\0') ||
|
|
|
d0a457 |
- (creds->bv_len == 0)) {
|
|
|
d0a457 |
+ if (method != LDAP_AUTH_SIMPLE || normbinddn == NULL ||
|
|
|
d0a457 |
+ *normbinddn == '\0' || creds->bv_len == 0)
|
|
|
d0a457 |
+ {
|
|
|
d0a457 |
slapi_log_err(SLAPI_LOG_PLUGIN, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
|
|
|
d0a457 |
"pam_passthru_bindpreop - Not handled (not simple bind or NULL dn/credentials)\n");
|
|
|
d0a457 |
return retcode;
|
|
|
d0a457 |
--
|
|
|
d0a457 |
2.21.0
|
|
|
d0a457 |
|