~ubuntu-branches/ubuntu/quantal/freeradius/quantal-updates


Viewing changes to src/modules/rlm_unix/rlm_unix.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-02-24 09:17:15 UTC
  • Revision ID: package-import@ubuntu.com-20140224091715-937wg42e3muwf7tl
Tags: 2.1.12+dfsg-1.1ubuntu0.1
* SECURITY UPDATE: incorrect password expiration check
  - debian/patches/CVE-2011-4966.patch: check for both account and
    password expiration in src/modules/rlm_unix/rlm_unix.c.
  - CVE-2011-4966
* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in rlm_pap module
  - debian/patches/CVE-2013-2015.patch: properly handle buffer size in
    src/modules/rlm_pap/rlm_pap.c.
  - CVE-2014-2015

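--- a/src/modules/rlm_unix/rlm_unix.c
+++ b/src/modules/rlm_unix/rlm_unix.c
@@ -274,9 +274,17 @@
         /*
          *      Check if password has expired.
          */
+        if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 &&
+            (request->timestamp / 86400) > (spwd->sp_lstchg + spwd->sp_max)) {
+                radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+                return RLM_MODULE_REJECT;
+        }
+        /*
+         *      Check if account has expired.
+         */
         if (spwd && spwd->sp_expire > 0 &&
             (request->timestamp / 86400) > spwd->sp_expire) {
-                radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+                radlog_request(L_AUTH, 0, request, "[%s]: account has expired", name);
                 return RLM_MODULE_REJECT;
         }
 #endif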
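Review bot: The new password-expiry test (new lines 277-278) is skipped whenever `sp_lstchg` is 0, and shadow(5) uses 0 in that field to mean the password must be changed at next login, so an account in that state is neither rejected nor logged by this check. Whether RADIUS should accept such users is a policy decision, but it should be written down; I would add a comment above the condition such as `/* sp_lstchg == 0 (forced change at next login) is deliberately not treated as expired */`, or reject that case if acceptance is not intended. The sum `spwd->sp_lstchg + spwd->sp_max` is signed arithmetic on values read from the shadow database, so a very large `sp_max` could overflow; comparing `(request->timestamp / 86400) - spwd->sp_lstchg > spwd->sp_max` avoids that. The day count `request->timestamp / 86400` is also computed twice with a bare constant and could be hoisted into one named local. The enclosing function starts and ends outside the lines shown, so how `spwd` and `name` are obtained cannot be checked from here.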