Improper PAM authorization handling

[ysf]

Gogs version

<= 0.13

Git version

N/A

Operating system

Archlinux

Database

n/a

Describe the bug

The security policy states not disclosing anything. So here is the report on huntr.dev it is only viewable to people with write access to this repository, an me: https://huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62/

To reproduce

See report

Expected behavior

See report

Additional context

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[unknwon]

Approved on huntr.dev, thank you!

[unknwon]

@ysf You already included a potential fix in the report, do you wanna do a PR or do you prefer me to investigate? (former is faster).

[ysf]

The idea was that you can look of the patch suits you. If so, I'll push it to a branch. Regular it's not possible to pick up the other bounty.

I'll create a PR asap.

[ysf]

There it is. Sry for my github inconvenience.