[Pkg-shadow-devel] Bug#505071: Bug#505071: closed ... fixed in shadow 1:4.1.3-1
Paul Szabo
psz at maths.usyd.edu.au
Wed Apr 22 00:41:21 UTC 2009
Dear Nicolas,
Had a quick look at src/login.c and libmisc/utmp.c, and see the "plain"
(not security) issues below. - The enspent() block should be moved up
in newgrp.c also.
Cheers, Paul
Paul Szabo psz at maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
--- login.c.bak 2009-04-22 09:34:08.000000000 +1000
+++ login.c 2009-04-22 10:32:53.000000000 +1000
@@ -533,6 +533,7 @@
(void) puts (_("No utmp entry. You must exec \"login\" from the lowest level \"sh\""));
exit (1);
}
+ /* Take note that utent may be NULL after this... */
tmptty = ttyname (0);
if (NULL == tmptty) {
@@ -625,15 +626,13 @@
if (rflg || hflg) {
cp = hostname;
- } else {
#ifdef HAVE_STRUCT_UTMP_UT_HOST
- if ('\0' != utent->ut_host[0]) {
- cp = utent->ut_host;
- } else
+/* Take care with utent that may be NULL */
+ } else if (utent != NULL && '\0' != utent->ut_host[0]) {
+ cp = utent->ut_host;
#endif /* HAVE_STRUCT_UTMP_UT_HOST */
- {
- cp = "";
- }
+ } else {
+ cp = "";
}
if ('\0' != *cp) {
--- utmp.c.bak 2009-04-22 09:34:34.000000000 +1000
+++ utmp.c 2009-04-22 10:32:55.000000000 +1000
@@ -93,6 +93,7 @@
* Return NULL if no entries exist in utmp for the current process.
*/
struct utmp *get_current_utmp (void)
+/* May return NULL. Should it return an "empty" (zeroed) something instead? */
{
struct utmp *ut;
struct utmp *ret = NULL;
@@ -109,6 +110,13 @@
&& ( (LOGIN_PROCESS == ut->ut_type)
|| (USER_PROCESS == ut->ut_type))
#endif
+/*
+ * We use HAVE_STRUCT_UTMP_UT_ID above (surely utmp has that??!!)
+ * Should we use
+ * HAVE_STRUCT_UTMP_UT_LINE below, or use
+ * HAVE_STRUCT_UTMP_UT_PID above
+ * (are defined anywhere?)
+ */
/* A process may have failed to close an entry
* Check if this entry refers to the current tty */
&& is_my_tty (ut->ut_line)) {
@@ -117,6 +125,7 @@
}
if (NULL != ut) {
+ /* malloc, or xmalloc as everywhere else? */
ret = malloc (sizeof (*ret));
memcpy (ret, ut, sizeof (*ret));
}
@@ -200,6 +209,7 @@
assert (NULL != name);
assert (NULL != line);
+ /* BUG: utent in login.c may be NULL (in prepare_utmpx also) */
assert (NULL != ut);
@@ -234,6 +244,7 @@
strncpy (utent->ut_line, line, sizeof (utent->ut_line));
#ifdef HAVE_STRUCT_UTMP_UT_ID
strncpy (utent->ut_id, ut->ut_id, sizeof (utent->ut_id));
+ /* BUG: set "correct" ut_id based on "line", in case we did not get any (in prepare_utmpx also) */
#endif /* HAVE_STRUCT_UTMP_UT_ID */
#ifdef HAVE_STRUCT_UTMP_UT_NAME
strncpy (utent->ut_name, name, sizeof (utent->ut_name));
More information about the Pkg-shadow-devel
mailing list