From 33d78f2db60d3a86c38512f0502df559782cbdf6 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner
Date: Wed, 5 Dec 2018 14:08:07 +0100
Subject: [PATCH 2/3] pam_slurm_adopt: send_user_msg: don't copy undefined data into message

Using memcpy, an amount of undefined data from the stack will be copied into the target buffer. While pam_conv probably doesn't evalute the extra data it still unclean to do that. It could lead up to an information leak somewhen.

Signed-off-by: Christian Goll
---
 contribs/pam_slurm_adopt/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contribs/pam_slurm_adopt/helper.c b/contribs/pam_slurm_adopt/helper.c
index 9c3e202a87..1bac0a0fcf 100644
--- a/contribs/pam_slurm_adopt/helper.c
+++ b/contribs/pam_slurm_adopt/helper.c
@@ -128,7 +128,7 @@ send_user_msg(pam_handle_t *pamh, const char *mesg)
 /* Construct msg to send to app. */
- memcpy(str, mesg, sizeof(str));
+ strncpy(str, mesg, sizeof(str));
 msg[0].msg_style = PAM_ERROR_MSG;
 msg[0].msg = str;
 pmsg[0] = &msg[0];
--
2.16.4
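Review bot: The new `strncpy(str, mesg, sizeof(str));` leaves `str` without a terminating NUL whenever `mesg` is `sizeof(str)` bytes or longer, and the next lines hand `str` to the PAM conversation as `msg[0].msg`, which is consumed as a C string. A reader of that message could then run past the end of `str` into adjacent stack memory, which is the same class of information leak the commit sets out to close. Either follow the copy with `str[sizeof(str) - 1] = '\0';` or replace it with `snprintf(str, sizeof(str), "%s", mesg);`, which always terminates and makes truncation detectable from the return value. The declaration of `str` and the rest of `send_user_msg` are outside the hunk, so if the buffer is zero-filled or terminated elsewhere this should be stated in a comment next to the copy.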