Date: Sat, 9 Mar 2002 14:57:12 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: freebsd-audit@freebsd.org Subject: Fix for login.c in current Message-ID: <p05101530b8b014ffc5c7@[128.113.24.47]>
index | next in thread | raw e-mail
For some reason I often manage to mistype my super-clever root password. On freebsd-current the syslog error message for login failures is screwed-up. A tricky interaction happens in the section: if (olduser != NULL) free(olduser); olduser = username; The problem is that at this point olduser is *already* equal to username (the pointer is exactly the same), so the first part is free-ing both olduser and username, and then sets olduser to the already-freed area. In my testing, the simple fix is: Index: login.c =================================================================== RCS file: /home/ncvs/src/usr.bin/login/login.c,v retrieving revision 1.81 diff -u -r1.81 login.c --- login.c 5 Mar 2002 21:56:06 -0000 1.81 +++ login.c 9 Mar 2002 19:36:19 -0000 @@ -284,7 +284,6 @@ if (failures > (pwd ? 0 : 1)) badlogin(olduser); } - olduser = username; /* * Load the PAM policy and set some variables The earlier section of code will set olduser when it needs to be set, so there was no need for the line I'm deleting here. Anyone see a problem if I commit this? -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the messagehelp
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05101530b8b014ffc5c7>