From owner-svn-src-all@FreeBSD.ORG Mon Sep 29 14:24:31 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C1F3B4CB; Mon, 29 Sep 2014 14:24:31 +0000 (UTC) Received: from mail105.syd.optusnet.com.au (mail105.syd.optusnet.com.au [211.29.132.249]) by mx1.freebsd.org (Postfix) with ESMTP id 81FFC145; Mon, 29 Sep 2014 14:24:30 +0000 (UTC) Received: from c122-106-147-133.carlnfd1.nsw.optusnet.com.au (c122-106-147-133.carlnfd1.nsw.optusnet.com.au [122.106.147.133]) by mail105.syd.optusnet.com.au (Postfix) with ESMTPS id C64391041BC3; Mon, 29 Sep 2014 23:57:04 +1000 (EST) Date: Mon, 29 Sep 2014 23:56:59 +1000 (EST) From: Bruce Evans X-X-Sender: bde@besplex.bde.org To: "Bjoern A. Zeeb" Subject: Re: svn commit: r272281 - head/lib/libpam/modules/pam_login_access In-Reply-To: <4929EC39-0862-4547-B044-44C396529F74@FreeBSD.org> Message-ID: <20140929233019.C2907@besplex.bde.org> References: <201409291036.s8TAaFUs040310@svn.freebsd.org> <4929EC39-0862-4547-B044-44C396529F74@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Optus-CM-Score: 0 X-Optus-CM-Analysis: v=2.1 cv=AOuw8Gd4 c=1 sm=1 tr=0 a=7NqvjVvQucbO2RlWB8PEog==:117 a=PO7r1zJSAAAA:8 a=kj9zAlcOel0A:10 a=JzwRw_2MAAAA:8 a=6I5d2MoRAAAA:8 a=MYfIN0nJ268ONEqtP8QA:9 a=CjuIK1q_8ugA:10 a=SV7veod9ZcQA:10 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Dimitry Andric X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Sep 2014 14:24:31 -0000 On Mon, 29 Sep 2014, Bjoern A. Zeeb wrote: > > On 29 Sep 2014, at 11:10 , Dimitry Andric wrote: > >> On 29 Sep 2014, at 12:36, Bjoern A. Zeeb wrote: >>> ... >>> Log: >>> Hopefully fix build breakage with gcc passing void * instead of char * >>> to "%s" format string after r272280. >>> >>> Modified: head/lib/libpam/modules/pam_login_access/pam_login_access.c >>> ============================================================================== >>> --- head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep 29 08:57:36 2014 (r272280) >>> +++ head/lib/libpam/modules/pam_login_access/pam_login_access.c Mon Sep 29 10:36:14 2014 (r272281) >>> @@ -94,7 +94,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int >>> PAM_VERBOSE_ERROR("%s is not allowed to log in on %s", >>> user, tty); >>> } else { >>> - PAM_LOG("Checking login.access for user %s", user); >>> + PAM_LOG("Checking login.access for user %s", >>> + (const char *)user); >>> if (login_access(user, "***unknown***") != 0) >>> return (PAM_SUCCESS); >>> PAM_VERBOSE_ERROR("%s is not allowed to log in", user); >>> >> >> Just a few lines after the one you fixed it accesses the same variable >> again. Why doesn't it warn there? And why is 'user' not a char * to >> begin with? :) > > For the latter ask des. > > the PAM_VERBOSE_ERROR goes into a function which (if remembering correctly) does the va_start and asprintf rather than just being a macro to printf. The arguments are not casted anywhere to that macro but I am, again, sure des will have an opinion on it;-) Just another bug. PAM_LOG() expands to a call to a function that is declared as __printflike() (but with a worse spelling). PAM_VERBOSE_ERROR() expands to a call to a function that is missing this declaration. Other bugs in PAM_VERBOSE_ERROR()'s function include not checking if asprintf() succeeded. malloc() failures can't happen, but it is bad to do dynamic allocation in an error-reporting routine. All uses of PAM_VERBOSE_ERROR() except 2 visible in the patch use a format with no args, so there aren't many print format errors to fix. asprintf() is a heavyweight method for constructing a format for printing these args (and some others that are automatically added). Bruce