Date: Sun, 10 Mar 2002 18:12:27 -0500
To: freebsd-audit@FreeBSD.ORG
From: Garance A Drosihn
Subject: Re: Fix for login.c in current
Cc: des@FreeBSD.ORG, ache@FreeBSD.ORG

At 2:57 PM -0500 3/9/02, Garance A Drosihn wrote:
>For some reason I often manage to mistype my super-clever root
>password. On freebsd-current the syslog error message for
>login failures is screwed-up. A tricky interaction happens in
>the section:
>        if (olduser != NULL)
>                free(olduser);
>        olduser = username;
>
>The problem is that at this point olduser is *already* equal to
>username (the pointer is exactly the same), so the first part is
>free-ing both olduser and username, and then sets olduser to the
>already-freed area.
>
>In my testing, the simple fix is:
>
>Index: login.c >=================================================================== >RCS file: /home/ncvs/src/usr.bin/login/login.c,v >retrieving revision 1.81 >diff -u -r1.81 login.c >--- login.c 5 Mar 2002 21:56:06 -0000 1.81 >+++ login.c 9 Mar 2002 19:36:19 -0000 
>@@ -284,7 +284,6 @@ > if (failures > (pwd ? 0 : 1)) > badlogin(olduser); > } >- olduser = username; > > /* > * Load the PAM policy and set some variables
>
>The earlier section of code will set olduser when it needs to
>be set, so there was no need for the line I'm deleting here.

Note that I intend to commit this to -current before Friday
(probably on Tuesday or Wednesday) unless someone knows of a
problem with it. I have been running with it for a few days
without any problem, and have tried to test all the different
paths thru the code.

-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu
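
Review bot: the removed `olduser = username;` (directly after the closing brace of the `badlogin(olduser)` block) leaves this hunk with no visible assignment to `olduser`, so correctness now rests entirely on the earlier code the message refers to, which the diff does not show. A short comment at that earlier assignment, stating that it is the only place `olduser` is updated and which pointer owns the buffer that `free(olduser)` releases, would keep the aliasing described in the message from being reintroduced later. It is also worth confirming that `badlogin(olduser)` on the `failures > (pwd ? 0 : 1)` path can never be reached with `olduser` still NULL or pointing at freed memory on a retry.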