Attachment #381762 for bug #505604

View | Details | Raw Unified | Return to bug 505604
Collapse All | Expand All




		tty = strrchr(tty, '/') + 1;
	}
	/* Make sure the tty wasn't actually a directory (no basename). */
	if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
		return NULL;
	}
	return tty;

		if (pwd != NULL) {
			ruser = pwd->pw_name;
		}
	} else {
		/*
		 * This ruser is used by format_timestamp_name as a component
		 * of constructed timestamp pathname, so ".", "..", and '/'
		 * are disallowed to avoid potential path traversal issues.
		 */
		if (!strcmp(ruser, ".") ||
		    !strcmp(ruser, "..") ||
		    strchr(ruser, '/')) {
			ruser = NULL;
		}
	}
	if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
		*ruserbuf = '\0';
- 

Return to bug 505604

Lines 158-164 check_tty(const char *tty) Link Here

(-)a/modules/pam_timestamp/pam_timestamp.c (-2 / +12 lines)
158	tty = strrchr(tty, '/') + 1;	158	tty = strrchr(tty, '/') + 1;
159	}	159	}
160	/* Make sure the tty wasn't actually a directory (no basename). */	160	/* Make sure the tty wasn't actually a directory (no basename). */
161	if (strlen(tty) == 0) {	161	if (!strlen(tty) \|\| !strcmp(tty, ".") \|\| !strcmp(tty, "..")) {
162	return NULL;	162	return NULL;
163	}	163	}
164	return tty;	164	return tty;
Lines 243-248 get_ruser(pam_handle_t pamh, char ruserbuf, size_t ruserbuflen) Link Here
243	if (pwd != NULL) {	243	if (pwd != NULL) {
244	ruser = pwd->pw_name;	244	ruser = pwd->pw_name;
245	}	245	}
		246	} else {
		247	/*
		248	* This ruser is used by format_timestamp_name as a component
		249	* of constructed timestamp pathname, so ".", "..", and '/'
		250	* are disallowed to avoid potential path traversal issues.
		251	*/
		252	if (!strcmp(ruser, ".") \|\|
		253	!strcmp(ruser, "..") \|\|
		254	strchr(ruser, '/')) {
		255	ruser = NULL;
		256	}
246	}	257	}
247	if (ruser == NULL \|\| strlen(ruser) >= ruserbuflen) {	258	if (ruser == NULL \|\| strlen(ruser) >= ruserbuflen) {
248	*ruserbuf = '\0';	259	*ruserbuf = '\0';
249	-