On Tue, Jun 14, 2016 at 11:22:31PM +0000, Dmitry V. Levin wrote:
commit dce30cd7a07523b0937e7a2cbb83fe744bdbfcf0
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Tue Jun 14 23:03:13 2016 +0000
pam_timestamp: fix typo in strncmp usage
Before this fix, a typo in check_login_time resulted in ruser and
struct utmp.ut_user being compared by the first character only,
which in turn could lead to a too low timestamp value being assigned
to oldest_login, effectively causing bypass of check_login_time.
* modules/pam_timestamp/pam_timestamp.c (check_login_time): Fix typo
in strncmp usage.
Patch-by: Anton V. Boyarshinov <boyarsh(a)altlinux.org>
modules/pam_timestamp/pam_timestamp.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/modules/pam_timestamp/pam_timestamp.c
b/modules/pam_timestamp/pam_timestamp.c
index b18efdf..aa8e781 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -211,7 +211,7 @@ check_login_time(const char *ruser, time_t timestamp)
if (ut->ut_type != USER_PROCESS) {
continue;
}
- if (strncmp(ruser, ut->ut_user, sizeof(ut->ut_user) != 0)) {
+ if (strncmp(ruser, ut->ut_user, sizeof(ut->ut_user)) != 0) {
continue;
}
if (oldest_login == 0 || oldest_login > ut->ut_tv.tv_sec) {
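Review bot: no regression test accompanies the corrected strncmp call in check_login_time, and nothing else here would catch the same slip again. The removed line is valid C, because `sizeof(ut->ut_user) != 0` is an acceptable length argument that evaluates to 1, so the error can return unnoticed in a later edit. Suggest a test that feeds the function two USER_PROCESS entries whose names share only a first letter and checks that the other user's login time is not picked up as oldest_login.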
Looks like check_login_time is a hardening check, so security implications
of this bug aren't obvious.
--
ldv
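
The effect described in the commit message, as an added example that is not part of the original message or of the Linux-PAM source. `struct rec`, `sample`, the function names and the login times are constructed for illustration, and the final acceptance check (a timestamp older than the oldest login is rejected) is an assumption about code outside the hunk.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed stand-in for the struct utmp fields the loop reads. */
struct rec { char ut_user[32]; time_t tv_sec; };

/* Constructed sample: "adam" logged in at t=100, "alice" at t=500. */
static const struct rec sample[] = { { "adam", 100 }, { "alice", 500 } };

/* Returns nonzero when the record is skipped as "not this user". */
static int skip_buggy(const char *ruser, const struct rec *r)
{
    /* Pre-fix form: the length argument is (sizeof(...) != 0), i.e. 1. */
    return strncmp(ruser, r->ut_user, sizeof(r->ut_user) != 0);
}

static int skip_fixed(const char *ruser, const struct rec *r)
{
    return strncmp(ruser, r->ut_user, sizeof(r->ut_user)) != 0;
}

/* Same selection logic as the loop in the hunk, over the sample array. */
static time_t oldest_login(const char *ruser, int fixed)
{
    time_t oldest = 0;
    for (size_t i = 0; i < sizeof(sample) / sizeof(sample[0]); i++) {
        const struct rec *r = &sample[i];
        if (fixed ? skip_fixed(ruser, r) : skip_buggy(ruser, r))
            continue;
        if (oldest == 0 || oldest > r->tv_sec)
            oldest = r->tv_sec;
    }
    return oldest;
}

/* Assumed final check: a timestamp older than the oldest login is stale. */
static int timestamp_accepted(const char *ruser, time_t ts, int fixed)
{
    time_t oldest = oldest_login(ruser, fixed);
    return oldest != 0 && ts >= oldest;
}

int main(void)
{
    printf("buggy: oldest_login(alice) = %ld\n", (long)oldest_login("alice", 0));
    printf("fixed: oldest_login(alice) = %ld\n", (long)oldest_login("alice", 1));
    return 0;
}
```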