← Back to branch summary

~ubuntu-branches/ubuntu/vivid/pam-pgsql/vivid-proposed

« back to all changes in this revision

Viewing changes to debian/patches/fix-698241-null-passwort-result-permits-login.patch

  • Committer: Package Import Robot
  • Author(s): Jan Dittberner
  • Date: 2014-10-06 22:51:18 UTC
  • mfrom: (1.1.6)
  • Revision ID: package-import@ubuntu.com-20141006225118-iece9omtd4gez96o
Tags: 0.7.3.2-1
* New upstream version
* drop debian/patches/fix-698241-null-passwort-result-permits-
  login.patch applied upstream
* drop patch debian/patches/pwtype_md5_postgres_fix_757556.patch
  applied upstream
* bump Standards-Version to 3.9.6 (no changes)
* remove autoconf generated files and add extend-diff-ignore to
  debian/source/options
* debian/rules: use dh --with autotools_dev to simplify debian/rules

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/fix-698241-null-passwort-result-permits-login.patch
1
 
Subject: Fix NULL password query result permits login with any password
2
 
Author: Lucas Clemente Vella
3
 
Origin: upstream, http://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/
4
 
Bug: https://sourceforge.net/p/pam-pgsql/bugs/13/
5
 
Bug-Debian: http://bugs.debian.org/698241
6
 
--- a/src/backend_pgsql.c
7
 
+++ b/src/backend_pgsql.c
8
 
@@ -258,7 +258,7 @@
9
 
        if(pg_execParam(conn, &res, options->query_auth, service, user, passwd, rhost) == PAM_SUCCESS) {
10
 
                if(PQntuples(res) == 0) {
11
 
                        rc = PAM_USER_UNKNOWN;
12
 
-               } else {
13
 
+               } else if (!PQgetisnull(res, 0, 0)) {
14
 
                        char *stored_pw = PQgetvalue(res, 0, 0);
15
 
                        if (!strcmp(stored_pw, (tmp = password_encrypt(options, user, passwd, stored_pw)))) rc = PAM_SUCCESS;
16
 
                        free (tmp);