From owner-cvs-all@FreeBSD.ORG  Thu Apr  7 12:53:25 2005
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8793016A4CE; Thu,  7 Apr 2005 12:53:25 +0000 (GMT)
Received: from gw.celabo.org (gw.celabo.org [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 3BBA343D1F; Thu,  7 Apr 2005 12:53:25 +0000 (GMT)
	(envelope-from nectar@FreeBSD.org)
Received: from gw.celabo.org (localhost [127.0.0.1])
	by internal.gw.celabo.org (Postfix) with ESMTP id 05FD23E2C2B;
	Thu,  7 Apr 2005 07:53:16 -0500 (CDT)
Received: from lum.celabo.org (lum.celabo.org [10.0.1.107])
	by gw.celabo.org (Postfix) with ESMTP id EBAE23E2C2A;
	Thu,  7 Apr 2005 07:53:15 -0500 (CDT)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by lum.celabo.org (Postfix) with ESMTP id A61C0659EB;
	Thu,  7 Apr 2005 07:53:13 -0500 (CDT)
In-Reply-To: <20050407084309.GF644@wombat.fafoe.narf.at>
References: <200504051455.j35EtXfw046906@repoman.freebsd.org>
	<20050407084309.GF644@wombat.fafoe.narf.at>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <b92129f30074e2c42484286f24e15b6c@FreeBSD.org>
Content-Transfer-Encoding: 7bit
From: Jacques Vidrine <nectar@FreeBSD.org>
Date: Thu, 7 Apr 2005 07:53:12 -0500
To: Stefan Farfeleder <stefanf@FreeBSD.org>
X-Mailer: Apple Mail (2.619.2)
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on 
	hellblazer.celabo.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 
	autolearn=ham version=3.0.2
cc: cvs-src@FreeBSD.org
cc: src-committers@FreeBSD.org
cc: des@FreeBSD.org
cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/libexec/rexecd rexecd.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2005 12:53:25 -0000


On Apr 7, 2005, at 3:43 AM, Stefan Farfeleder wrote:
> static void
> doit(struct sockaddr *fromp)
> {
>         char *cmdbuf, *cp;
>         int maxcmdlen;
>         char user[16], pass[16];
>
> ...
>
>         if (!pam_ok(pam_start("rexecd", user, &pamc, &pamh)) ||
>             !pam_ok(pam_set_item(pamh, PAM_RHOST, remote)) ||
>             !pam_ok(pam_set_item(pamh, PAM_AUTHTOK, pass)) ||
>             !pam_ok(pam_authenticate(pamh, pam_flags)) ||
>             !pam_ok(pam_acct_mgmt(pamh, pam_flags)) ||
>             !pam_ok(pam_get_item(pamh, PAM_USER, (const void 
> **)&user)) ||
>
> I don't know anything about PAM, but apparently pam_get_item() stores 
> a pointer
> into *item.  Here the pointer value is written into the first few 
> bytes of the
> array `user' (assuming it is correctly aligned).

Which it isn't... see my post to -CURRENT.  Oops.
-- 
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org