Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.bin/su - don't re-use the va list twice, leads to coredu...
details: https://anonhg.NetBSD.org/src/rev/9a52b9599a5f
branches: trunk
changeset: 787499:9a52b9599a5f
user: christos <christos%NetBSD.org@localhost>
date: Thu Jun 20 20:54:02 2013 +0000
description:
- don't re-use the va list twice, leads to coredumps.
- introduce and use a "safe" version of pam_strerror(3) that does not return
NULL
diffstat:
usr.bin/su/su_pam.c | 32 +++++++++++++++++++++++---------
1 files changed, 23 insertions(+), 9 deletions(-)
diffs (99 lines):
diff -r 71bb2da397d9 -r 9a52b9599a5f usr.bin/su/su_pam.c
--- a/usr.bin/su/su_pam.c Thu Jun 20 20:43:33 2013 +0000
+++ b/usr.bin/su/su_pam.c Thu Jun 20 20:54:02 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: su_pam.c,v 1.17 2012/03/15 02:02:23 joerg Exp $ */
+/* $NetBSD: su_pam.c,v 1.18 2013/06/20 20:54:02 christos Exp $ */
/*
* Copyright (c) 1988 The Regents of the University of California.
@@ -39,7 +39,7 @@
#if 0
static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/
#else
-__RCSID("$NetBSD: su_pam.c,v 1.17 2012/03/15 02:02:23 joerg Exp $");
+__RCSID("$NetBSD: su_pam.c,v 1.18 2013/06/20 20:54:02 christos Exp $");
#endif
#endif /* not lint */
@@ -83,6 +83,18 @@
static void logit(const char *, ...) __printflike(1, 2);
+static const char *
+safe_pam_strerror(pam_handle_t *pamh, int pam_err) {
+ const char *msg;
+
+ if ((msg = pam_strerror(pamh, pam_err)) != NULL)
+ return msg;
+
+ static char buf[1024];
+ snprintf(buf, sizeof(buf), "Unknown pam error %d", pam_err);
+ return buf;
+}
+
int
main(int argc, char **argv)
{
@@ -215,7 +227,7 @@
PAM_END("pam_start");
/* Things went really bad... */
syslog(LOG_ERR, "pam_start failed: %s",
- pam_strerror(pamh, pam_err));
+ safe_pam_strerror(pamh, pam_err));
errx(EXIT_FAILURE, "pam_start failed");
}
@@ -239,9 +251,9 @@
*/
if ((pam_err = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
syslog(LOG_WARNING, "BAD SU %s to %s%s: %s",
- username, user, ontty(), pam_strerror(pamh, pam_err));
+ username, user, ontty(), safe_pam_strerror(pamh, pam_err));
(void)pam_end(pamh, pam_err);
- errx(EXIT_FAILURE, "Sorry: %s", pam_strerror(pamh, pam_err));
+ errx(EXIT_FAILURE, "Sorry: %s", safe_pam_strerror(pamh, pam_err));
}
/*
@@ -267,7 +279,7 @@
pam_err = pam_get_item(pamh, PAM_USER, &newuser);
if (pam_err != PAM_SUCCESS) {
syslog(LOG_WARNING,
- "pam_get_item(PAM_USER): %s", pam_strerror(pamh, pam_err));
+ "pam_get_item(PAM_USER): %s", safe_pam_strerror(pamh, pam_err));
} else {
user = (char *)__UNCONST(newuser);
if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 ||
@@ -423,11 +435,11 @@
pam_err = pam_setcred(pamh, PAM_DELETE_CRED);
if (pam_err != PAM_SUCCESS)
logit("pam_setcred: %s",
- pam_strerror(pamh, pam_err));
+ safe_pam_strerror(pamh, pam_err));
pam_err = pam_close_session(pamh, 0);
if (pam_err != PAM_SUCCESS)
logit("pam_close_session: %s",
- pam_strerror(pamh, pam_err));
+ safe_pam_strerror(pamh, pam_err));
(void)pam_end(pamh, pam_err);
exit(WEXITSTATUS(status));
break;
@@ -543,7 +555,7 @@
(void)execv(shell, np);
err(EXIT_FAILURE, "%s", shell);
done:
- logit("%s: %s", func, pam_strerror(pamh, pam_err));
+ logit("%s: %s", func, safe_pam_strerror(pamh, pam_err));
(void)pam_end(pamh, pam_err);
return EXIT_FAILURE;
}
@@ -555,6 +567,8 @@
va_start(ap, fmt);
vwarnx(fmt, ap);
+ va_end(ap);
+ va_start(ap, fmt);
vsyslog(LOG_ERR, fmt, ap);
va_end(ap);
}
Home |
Main Index |
Thread Index |
Old Index