Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
        better error message if /proc/self/loginuid cannot be opened.

        * modules/pam_limits/pam_limits.c (process_limit): Check for
        variable overflow after multiplication [bnc#283001].

3 files changed, 22 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index 4a75dd88..5c9374a3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2007-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>
 
+	* modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
+	better error message if /proc/self/loginuid cannot be opened.
+
+	* modules/pam_limits/pam_limits.c (process_limit): Check for
+	variable overflow after multiplication [bnc#283001].
+
 	* modules/pam_access/pam_access.c: Add new syntax for groups
 	in access.conf to differentiate group names from account names.
 	Based on patch from Julien Lecomte <julien@famille-lecomte.net>,
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index f9a91164..bf6f09df 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -374,8 +374,13 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
 
     switch(limit_item) {
         case RLIMIT_CPU:
-         if (rlimit_value != RLIM_INFINITY)
-            rlimit_value *= 60;
+	  if (rlimit_value != RLIM_INFINITY)
+	    {
+	      if (rlimit_value >= RLIM_INFINITY/60)
+		rlimit_value = RLIM_INFINITY;
+	      else
+		rlimit_value *= 60;
+	    }
          break;
         case RLIMIT_FSIZE:
         case RLIMIT_DATA:
@@ -385,7 +390,12 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
         case RLIMIT_MEMLOCK:
         case RLIMIT_AS:
          if (rlimit_value != RLIM_INFINITY)
-            rlimit_value *= 1024;
+	   {
+	     if (rlimit_value >= RLIM_INFINITY/1024)
+	       rlimit_value = RLIM_INFINITY;
+	     else
+	       rlimit_value *= 1024;
+	   }
     	 break;
 #ifdef RLIMIT_NICE
 	case RLIMIT_NICE:
@@ -674,7 +684,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 
 out:
     globfree(&globbuf);
-    if (retval != PAM_SUCCESS) 
+    if (retval != PAM_SUCCESS)
     {
        	pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE);
 	return retval;
diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c
index 3e9b4779..13509e7e 100644
--- a/modules/pam_loginuid/pam_loginuid.c
+++ b/modules/pam_loginuid/pam_loginuid.c
@@ -58,7 +58,8 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid)
 	if (fd < 0) {
 		if (errno != ENOENT) {
 			rc = 1;
-			pam_syslog(pamh, LOG_ERR, "set_loginuid failed opening loginuid");
+			pam_syslog(pamh, LOG_ERR,
+				   "Cannot open /proc/self/loginuid: %m");
 		}
 		return rc;
 	}