auth: pam - Allow at most 1024 messages from PAM

author Aki Tuomi <aki.tuomi@open-xchange.com>

Fri, 15 May 2026 06:35:41 +0000 (09:35 +0300)

committer Aki Tuomi <aki.tuomi@open-xchange.com>

Fri, 22 May 2026 10:23:03 +0000 (13:23 +0300)
author Aki Tuomi <aki.tuomi@open-xchange.com>
Fri, 15 May 2026 06:35:41 +0000 (09:35 +0300)
committer Aki Tuomi <aki.tuomi@open-xchange.com>
Fri, 22 May 2026 10:23:03 +0000 (13:23 +0300)
diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c

index a4fb7aebf176ae7a8868bff00bdfe55f83f9b792..623034dea26529d6dab83a504c6de32ab7b361a0 100644 (file)
--- a/src/auth/passdb-pam.c
+++ b/src/auth/passdb-pam.c
@@ -32,6 +32,8 @@
  #  define pam_const const
  #endif
  
+#define PAM_MAX_MESSAGES 1024
+
  typedef pam_const void *pam_item_t;
  
  struct pam_passdb_module {
@@ -112,6 +114,12 @@ pam_userpass_conv(int num_msg, pam_const struct pam_message **msg,
         int i;
  
         *resp_r = NULL;
+       if (num_msg > PAM_MAX_MESSAGES) {
+               e_error(authdb_event(ctx->request),
+                       "PAM wanted to send %u messages, which exceeds limit %u",
+                       num_msg, PAM_MAX_MESSAGES);
+               return PAM_CONV_ERR;
+       }
  
         resp = calloc(num_msg, sizeof(struct pam_response));
         if (resp == NULL)
author	Aki Tuomi <aki.tuomi@open-xchange.com>
	Fri, 15 May 2026 06:35:41 +0000 (09:35 +0300)
committer	Aki Tuomi <aki.tuomi@open-xchange.com>
	Fri, 22 May 2026 10:23:03 +0000 (13:23 +0300)