Date:      Thu, 7 Apr 2005 07:53:12 -0500
From:      Jacques Vidrine <nectar@FreeBSD.org>
To:        Stefan Farfeleder <stefanf@FreeBSD.org>
Cc:        cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/libexec/rexecd rexecd.c
Message-ID:  <b92129f30074e2c42484286f24e15b6c@FreeBSD.org>
In-Reply-To: <20050407084309.GF644@wombat.fafoe.narf.at>
References:  <200504051455.j35EtXfw046906@repoman.freebsd.org> <20050407084309.GF644@wombat.fafoe.narf.at>


On Apr 7, 2005, at 3:43 AM, Stefan Farfeleder wrote:
> static void
> doit(struct sockaddr *fromp)
> {
>         char *cmdbuf, *cp;
>         int maxcmdlen;
>         char user[16], pass[16];
>
> ...
>
>         if (!pam_ok(pam_start("rexecd", user, &pamc, &pamh)) ||
>             !pam_ok(pam_set_item(pamh, PAM_RHOST, remote)) ||
>             !pam_ok(pam_set_item(pamh, PAM_AUTHTOK, pass)) ||
>             !pam_ok(pam_authenticate(pamh, pam_flags)) ||
>             !pam_ok(pam_acct_mgmt(pamh, pam_flags)) ||
>             !pam_ok(pam_get_item(pamh, PAM_USER, (const void **)&user)) ||
>
> I don't know anything about PAM, but apparently pam_get_item() stores a pointer
> into *item.  Here the pointer value is written into the first few bytes of the
> array `user' (assuming it is correctly aligned).

Which it isn't... see my post to -CURRENT.  Oops.
-- 
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
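
Added example, not part of the original message or of the FreeBSD source: a small C program reproducing the pointer-into-array overwrite discussed in the quoted code, next to one correct way to consume such an out-parameter. `get_item_stub`, `canonical_user`, `buggy_overwrites_array` and `copy_user` are hypothetical names; the stub only assumes the pam_get_item() behaviour described above (it stores a pointer in `*item`), and `copy_user` is not the fix that was committed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample value standing in for library-owned PAM data. */
static const char canonical_user[] = "alice";

/* Hypothetical stand-in for pam_get_item(): it copies nothing and only
 * stores a pointer to its own data in *item. */
static int get_item_stub(const void **item)
{
    *item = canonical_user;
    return 0;
}

/* Quoted pattern: pass the address of the array itself. Returns 1 when the
 * first sizeof(void *) bytes of user[] now hold the pointer value. */
int buggy_overwrites_array(void)
{
    /* The union forces pointer alignment; a plain char user[16] does not. */
    union { char user[16]; const void *align; } u;
    const void *expected = canonical_user;
    strcpy(u.user, "bob");
    get_item_stub((const void **)&u.user);
    return memcmp(u.user, &expected, sizeof expected) == 0;
}

/* Correct use: receive the pointer in a pointer variable, then copy the
 * string with a bounds check. Returns 0 on success, -1 on failure. */
int copy_user(char *user, size_t len)
{
    const void *item = NULL;
    const char *name;
    if (get_item_stub(&item) != 0 || item == NULL)
        return -1;
    name = item;
    if (strlen(name) >= len)
        return -1;              /* refuse rather than truncate */
    memcpy(user, name, strlen(name) + 1);
    return 0;
}

int main(void)
{
    char user[16];
    printf("array overwritten by pointer: %d\n", buggy_overwrites_array());
    if (copy_user(user, sizeof user) == 0)
        printf("copied user: %s\n", user);
    return 0;
}
```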
