Date: Sun, 20 Jan 2002 22:45:10 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: markm@freebsd.org, des@freebsd.org, current@freebsd.org Subject: Step4, pam_opie getpwnam check fix for review Message-ID: <20020120194510.GA24069@nagual.pp.ru>
next in thread | raw e-mail | index | archive | help
Bug:
getpwnum() (or getlogin() in earlier stage) may return NULL under
various complex circumstanes, but following code not expect it and may
cause NULL pointer reference and core dump.
Fix:
Add check for NULL and return PAM_AUTH_ERR
--- pam_opie.c.bak Sun Jan 20 22:23:18 2002
+++ pam_opie.c Sun Jan 20 22:37:08 2002
@@ -89,7 +89,8 @@
user = NULL;
if (pam_test_option(&options, PAM_OPT_AUTH_AS_SELF, NULL)) {
- pwd = getpwnam(getlogin());
+ if ((pwd = getpwnam(getlogin())) == NULL)
+ PAM_RETURN(PAM_AUTH_ERR);
user = pwd->pw_name;
}
else {
--
Andrey A. Chernov
http://ache.pp.ru/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020120194510.GA24069>