On St, 2014-08-13 at 14:26 +0200, Robin Hack wrote: > --- > modules/pam_access/pam_access.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c > index 87626e7..266e685 100644 > --- a/modules/pam_access/pam_access.c > +++ b/modules/pam_access/pam_access.c > @@ -341,6 +341,9 @@ login_access (pam_handle_t *pamh, struct login_info *item) > int lineno = 0; /* for diagnostics */ > char *sptr; > > + /* Avoid unitialized use */ > + memset(line, 0, BUFSIZ); > + > if (item->debug) > pam_syslog (pamh, LOG_DEBUG, > "login_access: user=%s, from=%s, file=%s", This can be solved by reordering the condition where the uninitialized access is done: --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -412,8 +412,8 @@ login_access (pam_handle_t *pamh, struct login_info *item) return NO; } #ifdef HAVE_LIBAUDIT - if (!item->noaudit && line[0] == '-' && (match == YES || (match == ALL && - nonall_match == YES))) { + if (!item->noaudit && (match == YES || (match == ALL && + nonall_match == YES)) && line[0] == '-') { pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_LOCATION, "pam_access", 0); } I prefer this solution. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list