Date: Sun, 20 Jan 2002 22:45:10 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: markm@freebsd.org, des@freebsd.org, current@freebsd.org Subject: Step4, pam_opie getpwnam check fix for review Message-ID: <20020120194510.GA24069@nagual.pp.ru>
next in thread | raw e-mail | index | archive | help
Bug: getpwnum() (or getlogin() in earlier stage) may return NULL under various complex circumstanes, but following code not expect it and may cause NULL pointer reference and core dump. Fix: Add check for NULL and return PAM_AUTH_ERR --- pam_opie.c.bak Sun Jan 20 22:23:18 2002 +++ pam_opie.c Sun Jan 20 22:37:08 2002 @@ -89,7 +89,8 @@ user = NULL; if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) { - pwd = getpwnam(getlogin()); + if ((pwd = getpwnam(getlogin())) == NULL) + PAM_RETURN(PAM_AUTH_ERR); user = pwd->pw_name; } else { -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020120194510.GA24069>