-rw-r--r-- | README.rst | 6 | ||||
-rw-r--r-- | src/pam_radius_auth.c | 27 |
2 files changed, 19 insertions, 14 deletions
@@ -41,9 +41,9 @@ out of the box on Linux and Solaris 2.6. There are minimal restrictions on using the code, as set out in the disclaimer and copyright notice in ``pam_radius_auth.c``. -Building it is straightforward: use GNU make, and type ``make``. If -you've got some other weird make, you'll have to edit the Makefile to -remove the GNU make directives 'ifeq', 'else', etc. +Building it is straightforward: use GNU make, and type ``./configure``, +followed by ``make``. If you've got some other weird make, you'll +have to edit the Makefile to remove the GNU make directives. Alan DeKok <aland@freeradius.org> diff --git a/src/pam_radius_auth.c b/src/pam_radius_auth.c index 8350eb1..471c0d6 100644 --- a/src/pam_radius_auth.c +++ b/src/pam_radius_auth.c @@ -69,7 +69,7 @@ static void _pam_log(int err, CONST char *format, ...) char buffer[BUFFER_SIZE]; va_start(args, format); - vsprintf(buffer, format, args); + vsnprintf(buffer, sizeof(buffer), format, args); /* don't do openlog or closelog, but put our name in to be friendly */ syslog(err, "%s: %s", pam_module_name, buffer); va_end(args); @@ -485,6 +485,9 @@ static void add_password(AUTH_HDR *request, unsigned char type, CONST char *pass length = MAXPASS; } + memcpy(hashed, password, length); + memset(hashed + length, 0, sizeof(hashed) - length); + if (length == 0) { length = AUTH_PASS_LEN; /* 0 maps to 16 */ } if ((length & (AUTH_PASS_LEN - 1)) != 0) { @@ -492,9 +495,6 @@ static void add_password(AUTH_HDR *request, unsigned char type, CONST char *pass length &= ~(AUTH_PASS_LEN - 1); /* chop it off */ } /* 16*N maps to itself */ - memcpy(hashed, password, length); - memset(hashed + length, 0, sizeof(hashed) - length); - attr = find_attribute(request, PW_PASSWORD); if (type == PW_PASSWORD) { 
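Review bot: The return value of `vsnprintf` is discarded in `_pam_log`, so a message that does not fit in `buffer` is cut at `sizeof(buffer) - 1` bytes and nothing in the log shows it. That is the right trade against the old overflow, but it deserves a comment at the call, for example `/* bounded: output longer than sizeof(buffer) - 1 is truncated silently */`. If truncated entries matter for later log analysis, keep the result and mark the entry when it is `>= sizeof(buffer)`. The function body starts and ends outside this hunk.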
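Review bot: The reason the `memcpy`/`memset` pair in `add_password` now sits above the round-up is not written down, and a later tidy-up could move it back. Copying after the rounding would read up to `AUTH_PASS_LEN - 1` bytes past the end of `password`. A comment above the copy would pin this, for example `/* copy with the caller's length; rounding up first would read past the end of password */`. The `memset` size `sizeof(hashed) - length` relies on `hashed` being at least `MAXPASS` bytes, which is declared outside the hunk and worth confirming. The rest of the function, including whether the cleartext in `hashed` is wiped before return, is also outside the hunk.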
@@ -578,17 +578,22 @@ static int initialize(radius_conf_t *conf, int accounting)
 p = buffer;
 /*
- * Skip blank lines and whitespace
+ * Skip whitespace
 */
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\r') || (*p == '\n'))) {
- p++;
- }
+ while ((*p == ' ') || (*p == '\t')) p++;
 /*
- * Nothing, or just a comment. Ignore the line.
+ * Skip blank lines and comments.
 */
- if ((!*p) || (*p == '#')) {
- continue;
+ if ((*p == '\r') || (*p == '\n') || (*p == '#')) continue;
+
+ /*
+ * Error out if the text is too long.
+ */
+ if (!*p) {
+ _pam_log(LOG_ERR, "ERROR reading %s, line %d: Line too long\n",
+ conf_file, line);
+ break;
 }
 timeout = 3; |
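Review bot: The `if (!*p)` test in `initialize` does not detect an over-long line. It fires whenever the buffer ends after only spaces and tabs, which includes a final whitespace-only line with no trailing newline. A long line with real content passes it, and unless that is caught outside the hunk, its remainder would be parsed as the next configuration line. Testing the buffer for a missing newline would match the message, for example `if (!strchr(buffer, '\n')) { ... }` with an exception for the last line at end of file. The `break` stops parsing but keeps the servers read so far, and whether `initialize` then returns an error is outside the hunk. That is worth confirming, because a silently shortened server list changes which RADIUS servers are consulted.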