diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2018-09-04 10:51:41 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2018-09-04 10:51:41 +0000 |
| commit | e165d7bc3934136f4e22d417d7f429fa4cdd87d2 (patch) | |
| tree | 893af5ef9e310fbf316c605c34ee8c89f2159961 /lib/libpam | |
| parent | ec86402ecd3a4a8a7bb8651914cdd913ebcd37a4 (diff) | |
Notes
Diffstat (limited to 'lib/libpam')
| -rw-r--r-- | lib/libpam/modules/pam_exec/pam_exec.8 | 3 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_exec/pam_exec.c | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/lib/libpam/modules/pam_exec/pam_exec.8 b/lib/libpam/modules/pam_exec/pam_exec.8 index bf8e22452435..a6836a0792c0 100644 --- a/lib/libpam/modules/pam_exec/pam_exec.8 +++ b/lib/libpam/modules/pam_exec/pam_exec.8 @@ -74,7 +74,8 @@ Ignored for compatibility reasons. Use the program exit status as the return code of the pam_sm_* function. It must be a valid return value for this function. .It Cm expose_authtok -Write the authentication token to the program's standard input stream. +Write the authentication token to the program's standard input stream, +followed by a NUL character. .It Cm -- Stop options parsing; program and its arguments follow. diff --git a/lib/libpam/modules/pam_exec/pam_exec.c b/lib/libpam/modules/pam_exec/pam_exec.c index 2b0e92914348..dc4a47e22c08 100644 --- a/lib/libpam/modules/pam_exec/pam_exec.c +++ b/lib/libpam/modules/pam_exec/pam_exec.c @@ -254,7 +254,8 @@ _pam_exec(pam_handle_t *pamh, } rc = pam_get_authtok(pamh, PAM_AUTHTOK, &authtok, NULL); if (rc == PAM_SUCCESS) { - authtok_size = strlen(authtok); + /* We include the trailing NUL-terminator. */ + authtok_size = strlen(authtok) + 1; } else { openpam_log(PAM_LOG_ERROR, "%s: pam_get_authtok(): %s", func, pam_strerror(pamh, rc)); |