diff options
author | Mark Johnston <markj@FreeBSD.org> | 2021-02-23 22:01:29 +0000 |
---|---|---|
committer | Mark Johnston <markj@FreeBSD.org> | 2021-02-24 01:34:52 +0000 |
commit | 3ea0e6b45274a296b859a3171070834a2e33c5fd (patch) | |
tree | 0dd98e5e02d0cb108a3430dc08a1872515f4d611 | |
parent | ab1cd885a619a0304e40fa07795ea9ddcb33134e (diff) | |
download | src-3ea0e6b45274a296b859a3171070834a2e33c5fd.tar.gz src-3ea0e6b45274a296b859a3171070834a2e33c5fd.zip |
pam_login_access: Fix negative entry matching logic
PR: 252194
Approved by: so
Security: CVE-2020-25580
Security: FreeBSD-SA-21:03.pam_login_access
(cherry picked from commit 6ab923cbca8759503a08683a5978b9ebf5efd607)
(cherry picked from commit dae05d22d64ea218abe5883be539c2b41c20b1fb)
-rw-r--r-- | lib/libpam/modules/pam_login_access/login_access.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libpam/modules/pam_login_access/login_access.c b/lib/libpam/modules/pam_login_access/login_access.c index 9496081d362e..719808858dac 100644 --- a/lib/libpam/modules/pam_login_access/login_access.c +++ b/lib/libpam/modules/pam_login_access/login_access.c @@ -137,10 +137,10 @@ list_match(char *list, const char *item, if (match != NO) { while ((tok = strtok((char *) 0, listsep)) && strcmp(tok, "EXCEPT")) { /* VOID */ ; - if (tok == NULL || list_match((char *) 0, item, match_fn, - login_access_opts) == NO) { + } + if (tok == NULL || + list_match((char *) 0, item, match_fn, login_access_opts) == NO) { return (match); - } } } return (NO); |