[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

PAM 0.75

I'm debugging Linux-PAM under AIX 4.3.3 and noticed a few general issues:

1) examples/xsh.c seems to mis-report return code 28 (bad item) as "unknown module" (ret 27). While it is true that the module IS unknown it is not because the user edited the config file poorly. :-)

2) the parsing routine in libpam/pam_handlers.c:

filename = malloc(sizeof(PAM_CONFIG_DF)+strlen(pamh->service_name));

This line gives you what you want most of the time, but PAM_CONFIG_DF is defined as "/the/secure/dir/path/%s". Which is 2 bytes longer than you needed and creates the opportunity to attempt an fopen of the last two bytes of data that happened to be in that memory location.

It would be better to explicitly:

   sprintf(filename, "PAM_CONFIG_DF%s", pamh->service_name);
	    D(("opening %s", filename));

rather than:

   sprintf(filename, PAM_CONFIG_DF, pamh->service_name);
	    D(("opening %s", filename));

Comments welcome.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []