Date: Sun, 10 Mar 2002 18:12:27 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: freebsd-audit@FreeBSD.ORG Cc: des@FreeBSD.ORG, ache@FreeBSD.ORG Subject: Re: Fix for login.c in current Message-ID: <p0510153bb8b195fc00cd@[128.113.24.47]> In-Reply-To: <p05101530b8b014ffc5c7@[128.113.24.47]> References: <p05101530b8b014ffc5c7@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
At 2:57 PM -0500 3/9/02, Garance A Drosihn wrote: >For some reason I often manage to mistype my super-clever root >password. On freebsd-current the syslog error message for >login failures is screwed-up. A tricky interaction happens in >the section: > if (olduser != NULL) > free(olduser); > olduser = username; > >The problem is that at this point olduser is *already* equal to >username (the pointer is exactly the same), so the first part is >free-ing both olduser and username, and then sets olduser to the >already-freed area. > >In my testing, the simple fix is: > >Index: login.c >=================================================================== >RCS file: /home/ncvs/src/usr.bin/login/login.c,v >retrieving revision 1.81 >diff -u -r1.81 login.c >--- login.c 5 Mar 2002 21:56:06 -0000 1.81 >+++ login.c 9 Mar 2002 19:36:19 -0000 >@@ -284,7 +284,6 @@ > if (failures > (pwd ? 0 : 1)) > badlogin(olduser); > } >- olduser = username; > > /* > * Load the PAM policy and set some variables > >The earlier section of code will set olduser when it needs to >be set, so there was no need for the line I'm deleting here. Note that I intend to commit this to -current before Friday (probably on Tuesday or Wednesday) unless someone knows of problem with it. I have been running with it for a few days without any problem, and have tried to test all the different paths thru the code. -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p0510153bb8b195fc00cd>