fixed elevate VULN

2026-03-11 08:52:41 -04:00
parent b08b14763a
commit bbda3b3937
5 changed files with 30 additions and 22 deletions


@@ -236,12 +236,12 @@ local function nextUID()
return max + 1
end
function auth.login(username, password)
if type(username) ~= "string" or type(password) ~= "string" then
function auth.login(uid, password)
if type(uid) ~= "number" or type(password) ~= "string" then
return nil, "Authentication failure"
end
local entry = getPasswdByUsername(username)
local entry = getPasswdByUID(uid)
if not entry then
-- timing attack resistance
hashPassword(password, "aaaaaaaaaaaaaaaa")
@@ -619,4 +619,4 @@ if kernel.syscalls then
kernel.syscalls["setshell"] = auth.setShell
kernel.syscalls["sethomedir"] = auth.setHomedir
kernel.syscalls["setgid"] = auth.setGID
end
end
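Review bot: The new guard in auth.login (first hunk) only checks `type(uid) ~= "number"`, so NaN, infinities, negative values and fractional numbers all pass through to getPasswdByUID. That helper's body is not visible here, so the effect is inferred, but if auth.login is reachable through the syscall table, the caller-supplied value should be pinned to a non-negative integer before any lookup: `if type(uid) ~= "number" or uid % 1 ~= 0 or uid < 0 or type(password) ~= "string" then`. Since the parameter changed meaning from a name to a numeric id, a one-line comment above the function such as `-- uid: integer UID of the account to authenticate; usernames are no longer accepted` would keep callers from passing a string and getting a silent "Authentication failure". auth.login's body continues past the end of the hunk.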