Re: pam_get_item() question


 



> {
>     int retval;
>     udataptr myUser = &localUser;
>     myConfigPtr myConfig = &localConfig;
>     char user[15];
>     char *password;
>     myUser->usrname=user;
>     char error_msg[30];
>
>     if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "PAM_test login:" ) != PAM_SUCCESS ) ) {
>         strcpy( error_msg, "Could not obtain user name: " );
>         strcat( error_msg, myUser->usrname );

You do not feel having a fixed-length array of 30b with a 28b message and
strcat'ing a username into it could cause problems?
This leaves you with like 1 byte usernames.


>     if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "PAM_test login:" ) == PAM_SUCCESS ) ) {
>         strcpy( error_msg, "Obtained username: " );
>         strcat( error_msg, myUser->usrname );


Same deal here, however you have more wiggle room.


However, I am not a PAM expert, so I can't really answer your question; I
just noticed those two potential overflows.

Justin F.



> -- 
> Jason Gerfen
> jason.gerfen@xxxxxxxxxxxx
>
> "And remember... If the ladies
>  don't find you handsome, they
>  should at least find you handy..."
>              ~The Red Green show
>
> _______________________________________________
> 
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
>
>
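
A bounded way to build the two messages discussed in this reply, added here as an example and not code from the thread: it computes how many bytes each prefix leaves in a 30-byte buffer and replaces the strcpy()/strcat() pair with a snprintf() call that reports truncation. The helper names `room_for_user` and `format_msg`, the `(unknown)` fallback and the sample user name are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define ERROR_MSG_SIZE 30   /* same size as error_msg[30] in the quoted code */

/* Bytes left for the username after the prefix and the terminating NUL. */
static size_t room_for_user(size_t bufsize, const char *prefix)
{
    size_t need = strlen(prefix) + 1;            /* prefix + NUL */
    return need >= bufsize ? 0 : bufsize - need;
}

/*
 * Bounded replacement for the strcpy()/strcat() pair.
 * Returns 0 if prefix+user fit, -1 if the result was cut short or on error.
 * dst is always NUL-terminated when bufsize > 0 and arguments are valid.
 */
static int format_msg(char *dst, size_t bufsize, const char *prefix,
                      const char *user)
{
    int n;

    if (dst == NULL || bufsize == 0 || prefix == NULL)
        return -1;
    if (user == NULL)            /* guard: name may be unset on a failure path */
        user = "(unknown)";

    n = snprintf(dst, bufsize, "%s%s", prefix, user);
    if (n < 0 || (size_t)n >= bufsize)
        return -1;               /* would not fit: output was truncated */
    return 0;
}

int main(void)
{
    char error_msg[ERROR_MSG_SIZE];
    const char *user = "jgerfen";                /* constructed sample name */

    printf("room after failure prefix: %zu\n",
           room_for_user(sizeof error_msg, "Could not obtain user name: "));
    printf("room after success prefix: %zu\n",
           room_for_user(sizeof error_msg, "Obtained username: "));
    if (format_msg(error_msg, sizeof error_msg, "Obtained username: ", user) == 0)
        puts(error_msg);
    return 0;
}
```

A caller that gets -1 back can log the truncated message or size the buffer from the prefix length plus the longest user name it accepts.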

