Make the PAM password strength checking module WARNS=2 safe.

lib/libpam/modules/pam_passwdqc/Makefile: Bump WARNS to 2. contrib/pam_modules/pam_passwdqc/pam_passwdqc.c: Bump _XOPEN_SOURCE and _XOPEN_VERSION from 500 to 600 so that vsnprint() is declared. Use the two new union types (pam_conv_item_t and pam_text_item_t) to resolve strict aliasing violations caused by casts to comply with the pam_get_item() API taking a "const void **" for all item types. Warnings are generated for casts that create "type puns" (pointers of conflicting sized types that are set to access the same memory location) since these pointers may be used in ways that violate C's strict aliasing rules. Casts to a new type must be performed through a union in order to be compliant, and access must be performed through only one of the union's data types during the lifetime of the union instance. Handle strict-aliasing warnings through pointer assignments, which drastically simplifies this change. Correct a CLANG "printf-like function with more arguments than format" error. Submitted by: gibbs Sponsored by: Spectra Logic
2025-01-01 00:18:15 +01:00 · 2013-08-27 15:50:26 +00:00 · 2013-08-27 15:50:26 +00:00 · caf6fbd81a
commit caf6fbd81a
parent 2710901380
2 changed files with 26 additions and 17 deletions
--- a/contrib/pam_modules/pam_passwdqc/pam_passwdqc.c
+++ b/contrib/pam_modules/pam_passwdqc/pam_passwdqc.c
@ -2,9 +2,9 @@
 * Copyright (c) 2000-2002 by Solar Designer. See LICENSE.
 */

-#define _XOPEN_SOURCE 500
+#define _XOPEN_SOURCE 600
 #define _XOPEN_SOURCE_EXTENDED
-#define _XOPEN_VERSION 500
+#define _XOPEN_VERSION 600
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdarg.h>
@ -132,17 +132,19 @@ static params_t defaults = {
 static int converse(pam_handle_t *pamh, int style, lo_const char *text,
    struct pam_response **resp)
 {
-	struct pam_conv *conv;
+	pam_item_t item;
+	lo_const struct pam_conv *conv;
 	struct pam_message msg, *pmsg;
 	int status;

-	status = pam_get_item(pamh, PAM_CONV, (pam_item_t *)&conv);
+	status = pam_get_item(pamh, PAM_CONV, &item);
 	if (status != PAM_SUCCESS)
 		return status;
+	conv = item;

 	pmsg = &msg;
 	msg.msg_style = style;
-	msg.msg = text;
+	msg.msg = (char *)text;

 	*resp = NULL;
 	return conv->conv(1, (lo_const struct pam_message **)&pmsg, resp,
@ -294,8 +296,11 @@ static int parse(params_t *params, pam_handle_t *pamh,
 	}

 	if (argc) {
-		say(pamh, PAM_ERROR_MSG, getuid() != 0 ?
-		    MESSAGE_MISCONFIGURED : MESSAGE_INVALID_OPTION, *argv);
+		if (getuid() != 0) {
+			say(pamh, PAM_ERROR_MSG, MESSAGE_MISCONFIGURED);
+		} else {
+			say(pamh, PAM_ERROR_MSG, MESSAGE_INVALID_OPTION, *argv);
+		}
 		return PAM_ABORT;
 	}

@ -311,7 +316,9 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 #ifdef HAVE_SHADOW
 	struct spwd *spw;
 #endif
-	char *user, *oldpass, *newpass, *randompass;
+	pam_item_t item;
+	lo_const char *user, *oldpass, *curpass;
+	char *newpass, *randompass;
 	const char *reason;
 	int ask_oldauthtok;
 	int randomonly, enforce, retries_left, retry_wanted;
@ -353,17 +360,19 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	if (flags & PAM_PRELIM_CHECK)
 		return status;

-	status = pam_get_item(pamh, PAM_USER, (pam_item_t *)&user);
+	status = pam_get_item(pamh, PAM_USER, &item);
 	if (status != PAM_SUCCESS)
 		return status;
+	user = item;

-	status = pam_get_item(pamh, PAM_OLDAUTHTOK, (pam_item_t *)&oldpass);
+	status = pam_get_item(pamh, PAM_OLDAUTHTOK, &item);
 	if (status != PAM_SUCCESS)
 		return status;
+	oldpass = item;

 	if (params.flags & F_NON_UNIX) {
 		pw = &fake_pw;
-		pw->pw_name = user;
+		pw->pw_name = (char *)user;
 		pw->pw_gecos = "";
 	} else {
 		pw = getpwnam(user);
@ -405,13 +414,13 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 		enforce = params.flags & F_ENFORCE_ROOT;

 	if (params.flags & F_USE_AUTHTOK) {
-		status = pam_get_item(pamh, PAM_AUTHTOK,
-		    (pam_item_t *)&newpass);
+		status = pam_get_item(pamh, PAM_AUTHTOK, &item);
 		if (status != PAM_SUCCESS)
 			return status;
-		if (!newpass || (check_max(&params, pamh, newpass) && enforce))
+		curpass = item;
+		if (!curpass || (check_max(&params, pamh, curpass) && enforce))
 			return PAM_AUTHTOK_ERR;
-		reason = _passwdqc_check(&params.qc, newpass, oldpass, pw);
+		reason = _passwdqc_check(&params.qc, curpass, oldpass, pw);
 		if (reason) {
 			say(pamh, PAM_ERROR_MSG, MESSAGE_WEAKPASS, reason);
 			if (enforce)
@ -487,7 +496,7 @@ retry:

 	if (!newpass) {
 		if (randompass) _pam_overwrite(randompass);
-		return PAM_AUTHTOK_ERR;
+		return status;
 	}

 	if (check_max(&params, pamh, newpass) && enforce) {
--- a/lib/libpam/modules/pam_passwdqc/Makefile
+++ b/lib/libpam/modules/pam_passwdqc/Makefile
@ -7,7 +7,7 @@ LIB=	pam_passwdqc
 SRCS=	pam_passwdqc.c passwdqc_check.c passwdqc_random.c wordset_4k.c
 MAN=	pam_passwdqc.8

-WARNS?=	0
+WARNS?=	2
 CFLAGS+= -I${SRCDIR}

 DPADD=	${LIBCRYPT}