cowboy me, 2.0: jose nazario beauty and the street


bug hunting: PAM SMB



more bug hunting via google codesearch. this one is in PAM_SMB. it doesn't appear to be a security bug.

not that pam_smb is now deprecated. thanks for Andrea at ocert for helping *finally* get me in touch with the pam_smb guys.

--- pam_smb_auth.c.orig 2006-10-05 14:33:14.000000000 -0400
+++ pam_smb_auth.c      2006-10-05 14:33:21.000000000 -0400
@@ -228,7 +228,7 @@
               error code for non-existant users -- alex */

if ( ( !pw->pw_passwd ) && ( !p ) ) - if ( flags && PAM_DISALLOW_NULL_AUTHTOK ) + if ( flags & PAM_DISALLOW_NULL_AUTHTOK ) return PAM_SUCCESS;

pp = crypt(p, salt);

|

----

next Saturday, Aug 23, 2008 @ 07:26pm | previous Thursday, Mar 06, 2008 @ 12:34pm | archives

Last modified: Tuesday, Apr 15, 2008 @ 09:36am
Weblog Commenting and Trackback by HaloScan.com

Your Ad Here

copyright © 2002-2005 jose nazario, all rights reserved.