pam_get_item() question
Jason Gerfen
jason.gerfen at scl.utah.edu
Tue Nov 16 19:21:14 UTC 2004
Oops, thanks for the pointer... I will modify that. Know anything about
using the pam_get_item()?
Justin F. wrote:
>>{
>> int retval;
>> udataptr myUser = &localUser;
>> myConfigPtr myConfig = &localConfig;
>> char user[15];
>> char *password;
>> myUser->usrname=user;
>> char error_msg[30];
>>
>> if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "PAM_test login:" ) ) != PAM_SUCCESS ) {
>> strcpy( error_msg, "Could not obtain user name: " );
>> strcat( error_msg, myUser->usrname );
>>
>>
>
>You do not feel having a fixed length array of 30b with a 28b message and
>strcat'ing a username into it could cause problems?
>This leaves you with like 1 byte usernames.
>
>
>
>
>> if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "PAM_test login:" ) ) == PAM_SUCCESS ) {
>> strcpy( error_msg, "Obtained username: " );
>> strcat( error_msg, myUser->usrname );
>>
>>
>
>
>Same deal here, however you have more wiggle room.
>
>
>However, I am not a pam expert, so I can't really answer your question- I
>just noticed those two potential overflows.
>
>Justin F.
>
>
>
>
>
>>--
>>Jason Gerfen
>>jason.gerfen at scl.utah.edu
>>
>>"And remember... If the ladies
>> don't find you handsome, they
>> should at least find you handy..."
>> ~The Red Green show
>>
>>_______________________________________________
>>Pam-list mailing list
>>Pam-list at redhat.com
>>https://www.redhat.com/mailman/listinfo/pam-list
--
Jason Gerfen
Student Computing
Marriott Library
801.585.9810
jason.gerfen at scl.utah.edu
"And remember... If the ladies
don't find you handsome, they
should at least find you handy..."
~The Red Green show
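
The two overflows pointed out in the quoted reply, worked through as an added example (not code from either poster or from Linux-PAM): it computes how many user name bytes actually fit after each prefix in the 30-byte buffer and replaces the strcpy()/strcat() pair with a bounded snprintf() that reports truncation. The names MSG_SIZE, max_user_len and format_user_msg, the sample user name, and the "(unknown)" fallback for a NULL name are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MSG_SIZE 30  /* same size as error_msg[30] in the quoted code */

/* Longest user name that fits after `prefix` in a buffer of bufsz bytes,
 * leaving room for the terminating NUL. */
size_t max_user_len(size_t bufsz, const char *prefix)
{
    size_t need = strlen(prefix) + 1;   /* prefix plus NUL */
    return bufsz > need ? bufsz - need : 0;
}

/* Bounded replacement for the strcpy()/strcat() pair.
 * Returns 0 if the whole message fit, -1 if it was truncated or on error.
 * dst is always NUL-terminated when dstsz > 0. */
int format_user_msg(char *dst, size_t dstsz, const char *prefix,
                    const char *user)
{
    int n;

    if (dst == NULL || dstsz == 0 || prefix == NULL)
        return -1;
    if (user == NULL)            /* assumption: report a missing name as text */
        user = "(unknown)";
    n = snprintf(dst, dstsz, "%s%s", prefix, user);
    if (n < 0) { dst[0] = '\0'; return -1; }
    return (size_t)n >= dstsz ? -1 : 0;
}

int main(void)
{
    const char *prefixes[] = { "Could not obtain user name: ",
                               "Obtained username: " };
    const char *user = "alice";     /* constructed sample input */
    char msg[MSG_SIZE];
    size_t i;

    for (i = 0; i < 2; i++) {
        int rc = format_user_msg(msg, sizeof msg, prefixes[i], user);
        printf("room for %zu name bytes, rc=%d, msg=\"%s\"\n",
               max_user_len(sizeof msg, prefixes[i]), rc, msg);
    }
    return 0;
}
```

A return of -1 means the logged message was cut short, so the caller can log the name separately or size the buffer from strlen(prefix) + strlen(user) + 1 instead of a fixed 30.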