Subject: Re: CVS commit: src/lib/libpam/modules/pam_unix
To: Luke Mewburn <lukem@NetBSD.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: current-users
Date: 04/18/2005 21:30:30
On Sep 9,  8:54am, Luke Mewburn wrote:
} On Mon, Apr 18, 2005 at 09:10:48PM -0700, John Nemeth wrote:
}   | On Aug 4,  3:47pm, Luke Mewburn wrote:
}   | } 
}   | } Module Name:	src
}   | } Committed By:	lukem
}   | } Date:		Tue Apr 19 03:40:16 UTC 2005
}   | } 
}   | } Modified Files:
}   | } 	src/lib/libpam/modules/pam_unix: pam_unix.c
}   | } 
}   | } Log Message:
}   | } Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
}   | } failures, especially if we're going to ignore the return result.
}   | 
}   |      Umm, I thought the result of the discussion was that POSIX
}   | mandates that pwd be set to NULL for all errors AND when the entry
}   | isn't found.  Thus if pwd isn't set to NULL for some failure case then
}   | getpwnam_r is very broken.
} 
} True, it is very broken.  However, if we're going to ignore the return
} result of a function yet check a pointer we've passed to it against
} NULL later on, it doesn't hurt to ensure that we assign the pointer
} to a known NULL value before invocation.  That's the "safety boots"
} reference.

     Isn't this getting a bit paranoid?  We could take a variety of
"safety boots" for various functions, but at some point we need to
trust that libc is correctly implemented.  Besides, if there is a libc
bug wouldn't it be better to have lots of applications crash and burn
so the bug is quickly found and exterminated?

}-- End of excerpt from Luke Mewburn
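The pattern under discussion, as an added example (this is not the pam_unix code from the commit and not NetBSD libc): the result pointer is set to a known NULL before getpwnam_r() is called, and the return value is checked alongside the pointer rather than ignored, so the three outcomes POSIX defines (found, not found, error) stay distinguishable. The ERANGE retry loop is the part callers most often get wrong; it is included because a too-small buffer is the one failure that is routine rather than a libc bug. The names lookup_user, struct pw_lookup, pw_status and PW_BUF_MAX are this example's own, and the user name "no-such-user-xyzzy" used in the usage text below is constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Outcome of a getpwnam_r() call.  Checking only the pointer collapses
 * PW_NOT_FOUND and PW_ERROR into one case; checking both keeps them apart. */
enum pw_status { PW_FOUND, PW_NOT_FOUND, PW_ERROR };

/* Result holder defined for this example (not a libc or pam_unix type). */
struct pw_lookup {
    enum pw_status status;
    struct passwd  pw;    /* valid only when status == PW_FOUND */
    char          *buf;   /* backing store for pw's strings; free() after use */
    int            err;   /* errno-style code when status == PW_ERROR */
};

/* Assumed ceiling for buffer growth so an NSS backend returning ERANGE
 * forever cannot make the caller allocate without bound. */
#define PW_BUF_MAX (1024u * 1024u)

enum pw_status lookup_user(const char *name, struct pw_lookup *res)
{
    size_t len = 1024;                           /* fallback if sysconf() has no answer */
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    if (hint > 0)
        len = (size_t)hint;

    memset(res, 0, sizeof *res);

    for (;;) {
        struct passwd *pwd = NULL;  /* "safety boots": known NULL before the call */
        char *buf = malloc(len);
        int rc;

        if (buf == NULL) {
            res->status = PW_ERROR;
            res->err = ENOMEM;
            return res->status;
        }

        rc = getpwnam_r(name, &res->pw, buf, len, &pwd);

        if (rc == 0 && pwd != NULL) {            /* return value and pointer agree: found */
            res->status = PW_FOUND;
            res->buf = buf;
            return res->status;
        }
        free(buf);

        if (rc == ERANGE) {                      /* buffer too small: grow and retry */
            if (len >= PW_BUF_MAX) {
                res->status = PW_ERROR;
                res->err = ERANGE;
                return res->status;
            }
            len *= 2;
            continue;
        }
        /* POSIX: rc == 0 with pwd == NULL means "no such user".  Some
         * implementations report that as ENOENT or ESRCH instead; treat those
         * the same.  Anything else is a genuine failure (EIO, EMFILE, ...)
         * and is not silently turned into "unknown user". */
        if (rc == 0 || rc == ENOENT || rc == ESRCH) {
            res->status = PW_NOT_FOUND;
            return res->status;
        }
        res->status = PW_ERROR;
        res->err = rc;
        return res->status;
    }
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    struct pw_lookup r;

    switch (lookup_user(name, &r)) {
    case PW_FOUND:
        printf("%s: uid=%ld gid=%ld shell=%s\n", r.pw.pw_name,
               (long)r.pw.pw_uid, (long)r.pw.pw_gid, r.pw.pw_shell);
        free(r.buf);
        return 0;
    case PW_NOT_FOUND:
        printf("%s: no such user\n", name);
        return 1;
    default:
        fprintf(stderr, "%s: lookup failed: %s\n", name, strerror(r.err));
        return 2;
    }
}
```

Run it as `./lookup root` or `./lookup no-such-user-xyzzy` to see the found and not-found paths. The NULL assignment before the call costs nothing and matters only if an implementation returns an error without writing through the result pointer; the return-value check is what actually separates "user does not exist" from "the lookup itself failed", which is the distinction a PAM module should not lose.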