To allow safe usage of string-related functions on an authentication token with type SSS_AUTHTOK_TYPE_PASSWORD (user entered passwords) pam_sss should check if the last character is \0 and if not either reject the whole request or add \0 and change the size of the authentication token accordingly. I'm not sure which way would be better.
Additional sanity checks, like checking for non-printable characters, might be added as well.
What is said in the interface definition about the string argument? Is it expected to be null terminated? If it is, then it is a bug and I would say check and reject. If the interface allows byte sequences of a specific length, then we should treat it as a byte sequence of a specific length and not require a 0 at the end but rather use it as an array of the known length.
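The "check and reject" option from the two comments above, as an added example; it is not SSSD's code. The function name `check_password_authtok` and the `AUTHTOK_*` result codes are hypothetical, and the token is assumed to arrive as a byte buffer with an explicit size.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical result codes for this example; not SSSD identifiers. */
enum authtok_check {
    AUTHTOK_OK = 0,
    AUTHTOK_EMPTY,          /* NULL buffer or size 0 */
    AUTHTOK_NOT_TERMINATED, /* last byte is not \0 */
    AUTHTOK_EMBEDDED_NUL    /* a \0 appears before the last byte */
};

/*
 * Validate a length-delimited password token before any str*() function
 * touches it. Only buf[0..size-1] is read, so the check itself is safe
 * on an unterminated buffer.
 */
enum authtok_check check_password_authtok(const uint8_t *buf, size_t size)
{
    if (buf == NULL || size == 0) {
        return AUTHTOK_EMPTY;
    }
    if (buf[size - 1] != '\0') {
        return AUTHTOK_NOT_TERMINATED;
    }
    /* The first \0 must be the final byte; otherwise strlen() would
     * disagree with the transmitted size and silently truncate. */
    if (memchr(buf, '\0', size) != buf + size - 1) {
        return AUTHTOK_EMBEDDED_NUL;
    }
    return AUTHTOK_OK;
}
```

A token that passes satisfies `strlen((const char *)buf) + 1 == size`, so string functions and length-based code see the same password.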
milestone: NEEDS_TRIAGE => SSSD 1.10.0
milestone: SSSD 1.10.0 => SSSD 1.10 beta
summary: Add a check to pam_sss to ensure that authtok_type=SSS_AUTHTOK_TYPE_PASSWORD is \0 terminated => [RFE] Add a check to pam_sss to ensure that authtok_type=SSS_AUTHTOK_TYPE_PASSWORD is \0 terminated
rhbz: => 0
selected: => Not need
Moving tickets that are not a priority for SSSD 1.10 into the next release.
milestone: SSSD 1.10 beta => SSSD 1.11 beta
Retest and close it. The code now explicitly checks for \0.
design_review: => 0
milestone: SSSD 1.13 beta => Interim Bucket
review: => 0
milestone: Interim Bucket => SSSD 1.12 beta
resolution: => fixed
status: new => closed
changelog: => N/A, not a user visible change
design: => N/A, design for this feature is not needed
Metadata Update from @sbose:
- Issue set to the milestone: SSSD 1.12 beta