I'm debugging Linux-PAM under AIX 4.3.3 and noticed a few general issues:
1) examples/xsh.c seems to mis-report return code 28 (bad item) as
"unknown module" (ret 27). While it is true that the module IS unknown
it is not because the user edited the config file poorly. :-)
2) the parsing routine in libpam/pam_handlers.c:
filename = malloc(sizeof(PAM_CONFIG_DF)+strlen(pamh->service_name));
This line gives you what you want most of the time, but PAM_CONFIG_DF is
defined as "/the/secure/dir/path/%s". Which is 2 bytes longer than you
needed and creates the opportunity to attempt an fopen of the last two
bytes of data that happened to be in that memory location.
It would be better to explicitly:
sprintf(filename, "PAM_CONFIG_DF%s", pamh->service_name);
D(("opening %s", filename));
rather than:
sprintf(filename, PAM_CONFIG_DF, pamh->service_name);
D(("opening %s", filename));
Comments welcome.
