From aa905fc8875c5c56351f10f4e40e6d2a7dd6d918 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Wed, 21 May 2025 12:32:16 -0400
Subject: [PATCH] further validation of output of `faillock`
---
 usr/libexec/security-misc/pam-info | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/usr/libexec/security-misc/pam-info b/usr/libexec/security-misc/pam-info
index 49b959d..d0fec69 100755
--- a/usr/libexec/security-misc/pam-info
+++ b/usr/libexec/security-misc/pam-info
@@ -184,6 +184,14 @@ user_name="$(printf '%s\n' "$pam_faillock_output_first_line" | str_replace ":" "
 ## user
 ## root
 
+if [ "$PAM_USER" != "$user_name" ]; then
+ printf '%s\n' "\
+$0: ERROR: Variable 'PAM_USER' '$PAM_USER' does not match variable 'user_name' '$user_name'.
+ERROR: Please report this bug.
+" >&2
+ exit 1
+fi
+
 pam_faillock_output_count="$(printf '%s\n' "$pam_faillock_output" | wc -l)"
 ## example pam_faillock_output_count:
 ## 2
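Review bot: The new error message writes `$PAM_USER` and `$user_name` to stderr verbatim, and `PAM_USER` is the name supplied at the login prompt before authentication, so any control or escape characters in it would reach whatever terminal or log receives this script's stderr. Unless the name is already validated earlier in the script (not visible in this hunk), print a filtered copy instead, for example `safe_user="$(printf '%s' "$PAM_USER" | LC_ALL=C tr -cd '[:alnum:]._@-')"` and use `'$safe_user'` in the message. The hunk header also shows `user_name` derived from the first `faillock` line via `str_replace ":" …` (truncated), so a login name that itself contains `:` would presumably never compare equal and would always hit this branch. If that path is reachable, a comment such as `## A mismatch can also be caused by a PAM_USER containing ':'; not necessarily a bug.` would keep the "Please report this bug" text from misleading whoever reads the log.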