diff -up linux-pam/modules/pam_exec/pam_exec.c.password-limit linux-pam/modules/pam_exec/pam_exec.c --- linux-pam/modules/pam_exec/pam_exec.c.password-limit 2014-08-26 14:02:19.000000000 +0200 +++ linux-pam/modules/pam_exec/pam_exec.c 2015-06-11 16:10:13.938035623 +0200 @@ -178,11 +178,11 @@ call_exec (const char *pam_type, pam_han } pam_set_item (pamh, PAM_AUTHTOK, resp); - authtok = strdupa (resp); + authtok = strndupa (resp, PAM_MAX_RESP_SIZE); _pam_drop (resp); } else - authtok = void_pass; + authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE); if (pipe(fds) != 0) { diff -up linux-pam/modules/pam_exec/pam_exec.8.xml.password-limit linux-pam/modules/pam_exec/pam_exec.8.xml --- linux-pam/modules/pam_exec/pam_exec.8.xml.password-limit 2013-09-11 13:59:00.072175034 +0200 +++ linux-pam/modules/pam_exec/pam_exec.8.xml 2015-06-11 16:09:06.446512718 +0200 @@ -106,7 +106,8 @@ During authentication the calling command can read the password from stdin3 - . + . Only first PAM_MAX_RESP_SIZE + bytes of a password are provided to the command. diff -up linux-pam/modules/pam_unix/pam_unix_passwd.c.password-limit linux-pam/modules/pam_unix/pam_unix_passwd.c --- linux-pam/modules/pam_unix/pam_unix_passwd.c.password-limit 2014-06-19 13:50:08.000000000 +0200 +++ linux-pam/modules/pam_unix/pam_unix_passwd.c 2015-06-11 16:34:02.226260435 +0200 @@ -240,15 +240,22 @@ static int _unix_run_update_binary(pam_h /* wait for child */ /* if the stored password is NULL */ int rc=0; - if (fromwhat) - pam_modutil_write(fds[1], fromwhat, strlen(fromwhat)+1); - else - pam_modutil_write(fds[1], "", 1); - if (towhat) { - pam_modutil_write(fds[1], towhat, strlen(towhat)+1); + if (fromwhat) { + int len = strlen(fromwhat); + + if (len > PAM_MAX_RESP_SIZE) + len = PAM_MAX_RESP_SIZE; + pam_modutil_write(fds[1], fromwhat, len); } - else - pam_modutil_write(fds[1], "", 1); + pam_modutil_write(fds[1], "", 1); + if (towhat) { + int len = strlen(towhat); + + if (len > PAM_MAX_RESP_SIZE) + len = PAM_MAX_RESP_SIZE; + pam_modutil_write(fds[1], towhat, len); + } + pam_modutil_write(fds[1], "", 1); close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); diff -up linux-pam/modules/pam_unix/pam_unix.8.xml.password-limit linux-pam/modules/pam_unix/pam_unix.8.xml --- linux-pam/modules/pam_unix/pam_unix.8.xml.password-limit 2015-06-11 15:46:55.000000000 +0200 +++ linux-pam/modules/pam_unix/pam_unix.8.xml 2015-06-11 16:38:42.628587102 +0200 @@ -80,6 +80,13 @@ + The maximum length of a password supported by the pam_unix module + via the helper binary is PAM_MAX_RESP_SIZE + - currently 512 bytes. The rest of the password provided by the + conversation function to the module will be ignored. + + + The password component of this module performs the task of updating the user's password. The default encryption hash is taken from the ENCRYPT_METHOD variable from diff -up linux-pam/modules/pam_unix/passverify.c.password-limit linux-pam/modules/pam_unix/passverify.c --- linux-pam/modules/pam_unix/passverify.c.password-limit 2015-04-07 10:23:50.000000000 +0200 +++ linux-pam/modules/pam_unix/passverify.c 2015-06-15 10:53:32.903900010 +0200 @@ -1115,12 +1115,15 @@ getuidname(uid_t uid) int read_passwords(int fd, int npass, char **passwords) { + /* The passwords array must contain npass preallocated + * buffers of length MAXPASS + 1 + */ int rbytes = 0; int offset = 0; int i = 0; char *pptr; while (npass > 0) { - rbytes = read(fd, passwords[i]+offset, MAXPASS-offset); + rbytes = read(fd, passwords[i]+offset, MAXPASS+1-offset); if (rbytes < 0) { if (errno == EINTR) continue; diff -up linux-pam/modules/pam_unix/passverify.h.password-limit linux-pam/modules/pam_unix/passverify.h --- linux-pam/modules/pam_unix/passverify.h.password-limit 2011-03-21 21:59:22.000000000 +0100 +++ linux-pam/modules/pam_unix/passverify.h 2015-06-11 16:26:27.184994387 +0200 @@ -8,7 +8,7 @@ #define PAM_UNIX_RUN_HELPER PAM_CRED_INSUFFICIENT -#define MAXPASS 200 /* the maximum length of a password */ +#define MAXPASS PAM_MAX_RESP_SIZE /* the maximum length of a password */ #define OLD_PASSWORDS_FILE "/etc/security/opasswd" diff -up linux-pam/modules/pam_unix/support.c.password-limit linux-pam/modules/pam_unix/support.c --- linux-pam/modules/pam_unix/support.c.password-limit 2014-01-27 18:08:28.000000000 +0100 +++ linux-pam/modules/pam_unix/support.c 2015-06-11 16:30:35.452595477 +0200 @@ -609,7 +609,12 @@ static int _unix_run_helper_binary(pam_h /* if the stored password is NULL */ int rc=0; if (passwd != NULL) { /* send the password to the child */ - if (write(fds[1], passwd, strlen(passwd)+1) == -1) { + int len = strlen(passwd); + + if (len > PAM_MAX_RESP_SIZE) + len = PAM_MAX_RESP_SIZE; + if (write(fds[1], passwd, len) == -1 || + write(fds[1], "", 1) == -1) { pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); retval = PAM_AUTH_ERR; }