Skip to content

Commit 940a7da

Browse files
ysfunknwon
ysf
and
unknwon
authored
security: fix improper PAM authorization handling (#6819)
Co-authored-by: Joe Chen <jc@unknwon.io>
1 parent 242deca commit 940a7da

File tree

2 files changed

+7
-2
lines changed

2 files changed

+7
-2
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ All notable changes to Gogs are documented in this file.
2222
### Fixed
2323

2424
- _Security:_ Potential SSRF in repository migration. [#6754](https://github.com/gogs/gogs/issues/6754)
25+
- _Security:_ Improper PAM authorization handling. [#6810](https://github.com/gogs/gogs/issues/6810)
2526
- Unable to use LDAP authentication on ARM machines. [#6761](https://github.com/gogs/gogs/issues/6761)
2627

2728
### Removed

internal/auth/pam/pam.go

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,10 @@ func (c *Config) doAuth(login, password string) error {
2525
if err != nil {
2626
return err
2727
}
28-
29-
return t.Authenticate(0)
28+
29+
err = t.Authenticate(0)
30+
if err != nil {
31+
return err
32+
}
33+
return t.AcctMgmt(0)
3034
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy