Re: [PATCH 1/4] pam_access: Avoid unitialized usage of line if (errno == ENOENT)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On St, 2014-08-13 at 14:26 +0200, Robin Hack wrote:
> ---
>  modules/pam_access/pam_access.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
> index 87626e7..266e685 100644
> --- a/modules/pam_access/pam_access.c
> +++ b/modules/pam_access/pam_access.c
> @@ -341,6 +341,9 @@ login_access (pam_handle_t *pamh, struct login_info *item)
>      int     lineno = 0;		/* for diagnostics */
>      char   *sptr;
>  
> +    /* Avoid unitialized use */
> +    memset(line, 0, BUFSIZ);
> +
>      if (item->debug)
>        pam_syslog (pamh, LOG_DEBUG,
>  		  "login_access: user=%s, from=%s, file=%s",

This can be solved by reordering the condition where the uninitialized
access is done:

--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -412,8 +412,8 @@ login_access (pam_handle_t *pamh, struct login_info *item)
        return NO;
     }
 #ifdef HAVE_LIBAUDIT
-    if (!item->noaudit && line[0] == '-' && (match == YES || (match == ALL &&
-       nonall_match == YES))) {
+    if (!item->noaudit && (match == YES || (match == ALL &&
+       nonall_match == YES)) && line[0] == '-') {
        pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_LOCATION,
            "pam_access", 0);
     }


I prefer this solution.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)


_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list




[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux