Subject: Fix NULL password query result permits login with any password
Author: Lucas Clemente Vella
Origin: upstream, http://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/
Bug: https://sourceforge.net/p/pam-pgsql/bugs/13/
Bug-Debian: http://bugs.debian.org/698241
--- a/src/backend_pgsql.c
7
+++ b/src/backend_pgsql.c
9
if(pg_execParam(conn, &res, options->query_auth, service, user, passwd, rhost) == PAM_SUCCESS) {
10
if(PQntuples(res) == 0) {
11
rc = PAM_USER_UNKNOWN;
13
+ } else if (!PQgetisnull(res, 0, 0)) {
14
char *stored_pw = PQgetvalue(res, 0, 0);
15
if (!strcmp(stored_pw, (tmp = password_encrypt(options, user, passwd, stored_pw)))) rc = PAM_SUCCESS;
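Review bot: When column 0 of the first row is NULL, the new `else if (!PQgetisnull(res, 0, 0))` branch is skipped and `rc` keeps whatever value it had before this block, which the hunk does not show, so the fix is fail-closed only if that initial value is a failure code. I would make the rejection explicit with a trailing `else { rc = PAM_AUTH_ERR; }` and a comment such as `/* NULL stored password: never authenticate */`, so that a later change to the initialisation cannot reopen the bypass. On the unchanged `strcmp` line, the result of `password_encrypt` is passed straight to `strcmp`; if that helper can return NULL (not visible here), it should be checked before the comparison. The enclosing function starts and ends outside the hunk.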