Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 10 Mar 2002 18:12:27 -0500
From:      Garance A Drosihn <drosih@rpi.edu>
To:        freebsd-audit@FreeBSD.ORG
Cc:        des@FreeBSD.ORG, ache@FreeBSD.ORG
Subject:   Re: Fix for login.c in current
Message-ID:  <p0510153bb8b195fc00cd@[128.113.24.47]>
In-Reply-To: <p05101530b8b014ffc5c7@[128.113.24.47]>
References:  <p05101530b8b014ffc5c7@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help 
At 2:57 PM -0500 3/9/02, Garance A Drosihn wrote:
>For some reason I often manage to mistype my super-clever root
>password.  On freebsd-current the syslog error message for
>login failures is screwed-up.  A tricky interaction happens in
>the section:
>		if (olduser != NULL)
>			free(olduser);
>		olduser = username;
>
>The problem is that at this point olduser is *already* equal to
>username (the pointer is exactly the same), so the first part is
>free-ing both olduser and username, and then sets olduser to the
>already-freed area.
>
>In my testing, the simple fix is:
>
>Index: login.c
>===================================================================
>RCS file: /home/ncvs/src/usr.bin/login/login.c,v
>retrieving revision 1.81
>diff -u -r1.81 login.c
>--- login.c	5 Mar 2002 21:56:06 -0000	1.81
>+++ login.c	9 Mar 2002 19:36:19 -0000
>@@ -284,7 +284,6 @@
>  			if (failures > (pwd ? 0 : 1))
>  				badlogin(olduser);
>  		}
>-		olduser = username;
>
>  		/*
>  		 * Load the PAM policy and set some variables
>
>The earlier section of code will set olduser when it needs to
>be set, so there was no need for the line I'm deleting here.

Note that I intend to commit this to -current before Friday
(probably on Tuesday or Wednesday) unless someone knows of
problem with it.  I have been running with it for a few days
without any problem, and have tried to test all the different
paths thru the code.

-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p0510153bb8b195fc00cd>