To allow safe usage of string-related functions on authentication tokens with type SSS_AUTHTOK_TYPE_PASSWORD (user-entered passwords), pam_sss should check if the last character is \0 and, if not, either reject the whole request or add \0 and change the size of the authentication token accordingly. I'm not sure which way would be better.
Additional sanity checks, like checking for non-printable characters, might be added as well.
What is said in the interface definition about the string argument? Is it expected to be null terminated? If it is, then it is a bug and I would say check and reject. If the interface allows byte sequences of a specific length, then we should treat it as a byte sequence of a specific length and not require a 0 at the end, but rather use it as an array of the known length.
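The "check and reject" option discussed in the two comments above, as an added example that is not SSSD's code and not part of the original ticket: the token is handled strictly as a byte array of known length, and is only declared safe for string functions once the terminator has been verified. The function name, the result codes and the sample tokens are hypothetical, and the control-character rule is one assumed reading of "non-printable".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example; not SSSD identifiers. */
enum authtok_check {
    AUTHTOK_OK = 0,
    AUTHTOK_EMPTY,         /* NULL buffer or zero length */
    AUTHTOK_UNTERMINATED,  /* last byte is not \0: strlen() would overread */
    AUTHTOK_EMBEDDED_NUL,  /* \0 before the last byte: strlen() would truncate */
    AUTHTOK_NONPRINTABLE   /* ASCII control character inside the password */
};

/* Validate a password token given as (buffer, size). Every read is bounded
 * by size, so the check itself never depends on a terminator being there.
 * A lone "\0" (empty password) passes; rejecting it is a policy decision. */
enum authtok_check check_password_authtok(const uint8_t *tok, size_t size)
{
    if (tok == NULL || size == 0)
        return AUTHTOK_EMPTY;
    if (tok[size - 1] != '\0')
        return AUTHTOK_UNTERMINATED;

    /* The first \0 must be the final byte, so strlen(tok) == size - 1. */
    const uint8_t *first_nul = memchr(tok, '\0', size);
    if (first_nul != tok + size - 1)
        return AUTHTOK_EMBEDDED_NUL;

    /* Assumed sanity check: reject ASCII control bytes, allow bytes >= 0x80
     * so that UTF-8 passwords are not refused. */
    for (size_t i = 0; i + 1 < size; i++) {
        if (tok[i] < 0x20 || tok[i] == 0x7f)
            return AUTHTOK_NONPRINTABLE;
    }
    return AUTHTOK_OK;
}

int main(void)
{
    /* Constructed sample tokens: terminated, and deliberately unterminated. */
    const uint8_t good[] = { 's', 'e', 'c', 'r', 'e', 't', '\0' };
    const uint8_t bad[]  = { 's', 'e', 'c', 'r', 'e', 't' };

    printf("terminated:   %d\n", check_password_authtok(good, sizeof(good)));
    printf("unterminated: %d\n", check_password_authtok(bad, sizeof(bad)));
    return 0;
}
```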
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.10.0
milestone: SSSD 1.10.0 => SSSD 1.10 beta
summary: Add a check to pam_sss to ensure that authtok_type=SSS_AUTHTOK_TYPE_PASSWORD is \0 terminated => [RFE] Add a check to pam_sss to ensure that authtok_type=SSS_AUTHTOK_TYPE_PASSWORD is \0 terminated
rhbz: => 0
selected: => Not need
Moving tickets that are not a priority for SSSD 1.10 into the next release.
milestone: SSSD 1.10 beta => SSSD 1.11 beta
Retest and close it. The code now explicitly checks for \0.
changelog: =>
design: =>
design_review: => 0
fedora_test_page: =>
milestone: SSSD 1.13 beta => Interim Bucket
review: => 0
milestone: Interim Bucket => SSSD 1.12 beta
resolution: => fixed
status: new => closed
changelog: => N/A, not a user visible change
design: => N/A, design for this feature is not needed
Metadata Update from @sbose: - Issue set to the milestone: SSSD 1.12 beta
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: https://github.com/SSSD/sssd/issues/2627
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.