auth: checkpassword - Fail if input from script contains NULs
authorTimo Sirainen <timo.sirainen@dovecot.fi>
Sat, 21 Apr 2018 12:47:23 +0000 (15:47 +0300)
committerTimo Sirainen <timo.sirainen@dovecot.fi>
Thu, 30 Aug 2018 08:12:25 +0000 (11:12 +0300)
Previously the input was just silently truncated at NULs.

src/auth/db-checkpassword.c

index 47e1ef32c93dc91ef14cfebe23d357c1f99d0c9e..2fd4ed163043bb01a9b3cc08f05626cc0ea2eac1 100644 (file)
@@ -303,7 +303,7 @@ static void checkpassword_child_input(struct chkpw_auth_request *request)
 
        ret = read(request->fd_in, buf, sizeof(buf));
        if (ret > 0) {
-               str_append_n(request->input_buf, buf, ret);
+               str_append_data(request->input_buf, buf, ret);
                return;
        }
 
@@ -311,6 +311,11 @@ static void checkpassword_child_input(struct chkpw_auth_request *request)
                auth_request_log_error(request->request, AUTH_SUBSYS_DB,
                                       "read() failed: %m");
                checkpassword_internal_failure(&request);
+       } else if (memchr(str_data(request->input_buf), '\0',
+                         str_len(request->input_buf)) != NULL) {
+               auth_request_log_error(request->request, AUTH_SUBSYS_DB,
+                                      "NUL characters in checkpassword reply");
+               checkpassword_internal_failure(&request);
        } else if (strchr(str_c(request->input_buf), '\n') != NULL) {
                auth_request_log_error(request->request, AUTH_SUBSYS_DB,
                                       "LF characters in checkpassword reply");
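Review bot: The new NUL branch, `memchr(str_data(request->input_buf), '\0', str_len(request->input_buf))`, has to stay ahead of the `strchr(str_c(request->input_buf), '\n')` branch, and nothing in the code records that dependency. Now that the first hunk stores the raw bytes with `str_append_data()`, any `str_c()`-based scan stops at the first NUL, so an LF placed after a NUL would go unnoticed if the branches were ever reordered. I would add a comment above the new branch, for example `/* Must precede the str_c()-based checks below: they stop at the first NUL. */`. The rest of `checkpassword_child_input()` lies outside the hunk, so whether other consumers of `input_buf` read it via `str_c()` before this check runs could not be confirmed here.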