diff options
Diffstat (limited to 'main/pam-pgsql/CVE-2013-0191.patch')
| -rw-r--r-- | main/pam-pgsql/CVE-2013-0191.patch | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/main/pam-pgsql/CVE-2013-0191.patch b/main/pam-pgsql/CVE-2013-0191.patch new file mode 100644 index 0000000000..d03fc30822 --- /dev/null +++ b/main/pam-pgsql/CVE-2013-0191.patch @@ -0,0 +1,11 @@ +--- ./src/backend_pgsql.c.orig 2013-02-07 13:06:48.982679657 +0000 ++++ ./src/backend_pgsql.c 2013-02-07 13:09:00.973830056 +0000 +@@ -258,7 +258,7 @@ + if(pg_execParam(conn, &res, options->query_auth, service, user, passwd, rhost) == PAM_SUCCESS) { + if(PQntuples(res) == 0) { + rc = PAM_USER_UNKNOWN; +- } else { ++ } else if (!PQgetisnull(res, 0, 0)) { + char *stored_pw = PQgetvalue(res, 0, 0); + if (!strcmp(stored_pw, (tmp = password_encrypt(options, user, passwd, stored_pw)))) rc = PAM_SUCCESS; + free (tmp); |