USEFULL
/
gogs
mirror of https://github.com/gogs/gogs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

security: fix improper PAM authorization handling (#6819) 

Co-authored-by: Joe Chen <jc@unknwon.io>
pull/6817/head^2
ysf 2022-03-08 13:02:01 +01:00 committed by GitHub
parent 242deca524
commit 940a7da9d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -22,6 +22,7 @@ All notable changes to Gogs are documented in this file.
### Fixed
- _Security:_ Potential SSRF in repository migration. [#6754](https://github.com/gogs/gogs/issues/6754)
- _Security:_ Improper PAM authorization handling. [#6810](https://github.com/gogs/gogs/issues/6810)
- Unable to use LDAP authentication on ARM machines. [#6761](https://github.com/gogs/gogs/issues/6761)
### Removed

8
internal/auth/pam/pam.go
View File

@ -25,6 +25,10 @@ func (c *Config) doAuth(login, password string) error {
if err != nil {
return err
}
return t.Authenticate(0)
err = t.Authenticate(0)
if err != nil {
return err
}
return t.AcctMgmt(0)
}