From owner-freebsd-audit Sat Mar 9 11:57:17 2002
Date: Sat, 9 Mar 2002 14:57:12 -0500
To: freebsd-audit@freebsd.org
From: Garance A Drosihn
Subject: Fix for login.c in current

For some reason I often manage to mistype my super-clever root password. On freebsd-current the syslog error message for login failures is screwed-up. A tricky interaction happens in the section:

	if (olduser != NULL)
		free(olduser);
	olduser = username;

The problem is that at this point olduser is *already* equal to username (the pointer is exactly the same), so the first part is free-ing both olduser and username, and then sets olduser to the already-freed area.

In my testing, the simple fix is:

Index: login.c =================================================================== RCS file: /home/ncvs/src/usr.bin/login/login.c,v retrieving revision 1.81 diff -u -r1.81 login.c --- login.c 5 Mar 2002 21:56:06 -0000 1.81 +++ login.c 9 Mar 2002 19:36:19 -0000 
@@ -284,7 +284,6 @@ if (failures > (pwd ? 0 : 1)) badlogin(olduser); } - olduser = username; /* * Load the PAM policy and set some variables

The earlier section of code will set olduser when it needs to be set, so there was no need for the line I'm deleting here.

Anyone see a problem if I commit this?

-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu
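
Review bot: with `olduser = username;` removed after the `badlogin(olduser)` block in the -284,7 hunk, olduser is assigned only in the earlier free/assign section, and nothing in the code records that rule. A short comment at that section, stating that olduser takes over the previous username buffer and must never alias the live one, would keep the assignment from being reintroduced later. It is also worth confirming that every path reaching `badlogin(olduser)` has passed through that section, since the condition enclosing the call is not visible in this hunk.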
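
The aliasing described in the message above, modelled as an added example that is not part of the original post or of login.c. The slot allocator, `run_logins`, `name_alloc` and the sample input are constructed for illustration, and the point where a fresh name is read is an assumption about the surrounding loop.

```c
#include <stdio.h>
#include <string.h>

/* Constructed bump allocator: slots are never reused, so a stale pointer
 * can be detected without touching freed heap memory. */
#define SLOTS 8
static char pool[SLOTS][32];
static int live[SLOTS], next_slot;

static char *name_alloc(const char *s) {
    if (next_slot >= SLOTS) return NULL;
    live[next_slot] = 1;
    snprintf(pool[next_slot], sizeof pool[0], "%s", s);
    return pool[next_slot++];
}
static int slot_of(const char *p) {
    for (int i = 0; i < SLOTS; i++)
        if (p == pool[i]) return i;
    return -1;
}
static void name_free(char *p) { int i = slot_of(p); if (i >= 0) live[i] = 0; }
static int is_live(const char *p) { int i = slot_of(p); return i >= 0 && live[i]; }

/* Constructed sample input: three attempts at the same account. */
static const char *SAMPLE[] = { "root", "root", "root" };

/* Model of the retry loop. tail_assign=1 is the code before the patch,
 * 0 the code after it. Returns how often the pointer that would go to
 * badlogin() referred to storage that had already been released. */
static int run_logins(const char **typed, int n, int tail_assign) {
    char *username = NULL, *olduser = NULL;
    int stale = 0;
    memset(live, 0, sizeof live);
    next_slot = 0;
    for (int i = 0; i < n; i++) {
        if (olduser != NULL)
            name_free(olduser);           /* also releases username when aliased */
        olduser = username;
        username = name_alloc(typed[i]);  /* assumed: a fresh name is read here */
        if (olduser != NULL && !is_live(olduser))
            stale++;                      /* badlogin(olduser) would log freed memory */
        if (tail_assign)
            olduser = username;           /* the line the patch deletes */
    }
    return stale;
}

int main(void) {
    printf("before patch: %d stale\n", run_logins(SAMPLE, 3, 1));
    printf("after patch:  %d stale\n", run_logins(SAMPLE, 3, 0));
    return 0;
}
```

A real allocator may hand the freed block straight back for the next name, which is why the symptom shows up as a wrong or garbled name in syslog rather than a crash.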