fdo-mirrors/fprintd
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/libfprint/fprintd.git synced 2025-12-20 02:20:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
fprintd/pam
History
Exact
Siteshwar Vashisht 619ac0e8d1 pam: check for a memory allocation failure 
... identified through GCC analyzer:

```
Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
fprintd-v1.94.5/redhat-linux-build/../pam/pam_fprintd.c:768:3: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
/usr/include/security/pam_modules.h:34:5: enter_function: entry to ‘pam_sm_authenticate’
fprintd-v1.94.5/redhat-linux-build/../pam/pam_fprintd.c:843:6: branch_false: following ‘false’ branch...
fprintd-v1.94.5/redhat-linux-build/../pam/pam_fprintd.c:846:7: branch_false: ...to here
fprintd-v1.94.5/redhat-linux-build/../pam/pam_fprintd.c:846:6: branch_false: following ‘false’ branch...
 branch_false: ...to here
fprintd-v1.94.5/redhat-linux-build/../pam/pam_fprintd.c:915:10: call_function: calling ‘do_auth’ from ‘pam_sm_authenticate’
  766|
  767|     data = calloc (1, sizeof (verify_data));
  768|->   data->max_tries = max_tries;
  769|     data->pamh = pamh;
  770|
```

Resolves: https://openscanhub.fedoraproject.org/task/51967/log/fprintd-1.94.5-1.fc43/scan-results.html#def5

Signed-off-by: Siteshwar Vashisht <svashisht@redhat.com>
2025-05-26 15:08:06 +02:00
..
fingerprint-strings.h pam/fingerprint-strings: finger/fingerprint replacement 2025-04-02 11:49:12 +02:00
meson.build build: Do not use deprecated hacks in newer meson 2025-02-20 20:09:47 +00:00
pam_fprintd.c pam: check for a memory allocation failure 2025-05-26 15:08:06 +02:00
pam_fprintd.ver Revert "build: Ensure that gcov symbols are exposed when needed" 2020-02-05 17:09:19 +01:00
pam_fprintd_autoptrs.h Fix some bad indentation 2023-02-13 17:23:47 +01:00
README Add README for the PAM module 2008-12-04 13:23:50 +00:00

README 

PAM module for fingerprint authentication
-----------------------------------------

Using:
* Modify the appropriate PAM configuration file
(/etc/pam.d/system-auth-ac on Fedora systems), and add the line:
auth        sufficient    pam_fprintd.so
before the line:
auth        sufficient    pam_unix.so ...
* You can now enroll fingerprints using fprintd-enroll. The first available
  fingerprint available will be used to log you in.

Options:
* You can add the "debug" option on the pam configuration file line above,
  this will log more information from PAM to the file specified in your
  syslog configuration (/var/log/secure by default on Fedora)

Known issues:
* pam_fprintd does not support identifying the user itself as
  that would mean having the fingerprint reader on for all the time
  the user selection is displayed, and could damage the hardware.
  It could be fixed by having gdm/login only start the PAM conversation
  when there is activity
* pam_fprintd doesn't support entering either the password or a fingerprint,
  as pam_thinkfinger does, because it's a gross hack, and could be fixed
  by having the login managers run 2 separate PAM stacks