Slightly better patch, can handle 0-length PIN (i.e. when we simply push Enter
for PIN)
KJ
--- ../pam-u2f-1.1.0/util.c	2020-08-10 09:19:44.000000000 +0200
+++ util.c	2021-04-25 15:45:41.780841355 +0200
@@ -1370,8 +1370,21 @@
           goto out;
         }
 
-        if (pin_verification == FIDO_OPT_TRUE)
-          pin = converse(pamh, PAM_PROMPT_ECHO_OFF, "Please enter the PIN: ");
+        if (pin_verification == FIDO_OPT_TRUE) {
+			pin = converse(pamh, PAM_PROMPT_ECHO_OFF, "Please enter the PIN: ");
+			if (!pin)
+				goto out; 
+			else {
+				if (0 == strlen(pin)){
+					D(cfg->debug_file, "Empty PIN entered");
+					explicit_bzero(pin, strlen(pin));
+					free(pin);
+					pin = NULL;
+					goto out;
+				}
+
+			}
+		}
         if (user_presence == FIDO_OPT_TRUE ||
             user_verification == FIDO_OPT_TRUE) {
           if (cfg->manual == 0 && cfg->cue && !cued) {
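Review bot: Both new `goto out` exits (after `if (!pin)` and in the empty-PIN branch) jump without setting a result in this hunk, so whether a missing or empty PIN fails closed depends on what the return variable holds at that point; the enclosing function starts and ends outside the hunk, so confirm this or set the failure value explicitly before each jump. In the empty branch `explicit_bzero(pin, strlen(pin));` is a no-op because the length was just tested to be 0, so it can be dropped, leaving `free(pin); pin = NULL;`. The `!pin` path logs nothing; a line such as `D(cfg->debug_file, "Unable to read PIN");` would let a failed conversation be told apart from an empty entry in the debug log. The added lines are tab-indented while the surrounding context uses spaces, and the empty `else { ... }` wrapper can be flattened since the `if (!pin)` arm already jumps.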
-- 
http://wolnelektury.pl/wesprzyj/teraz/
