diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2001-11-12 02:23:28 +0000 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2001-11-12 02:23:28 +0000 |
| commit | 568e5f97b27b1c9f8f87ed2c61a59cf15a2c0694 (patch) | |
| tree | e989e2e01b16c9a1dca5e56ff846520e0d01b7fa /modules/pam_issue | |
| parent | 99358b2b4e10db0778bcdf0ef829553f2d0b453f (diff) | |
Relevant BUGIDs: 476983
Purpose of commit: bugfixes
Commit summary:
---------------
lots of segfault potential removed. Nalin found the biggies.
Diffstat (limited to 'modules/pam_issue')
| -rw-r--r-- | modules/pam_issue/pam_issue.c | 62 |
1 files changed, 52 insertions, 10 deletions
diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index c4f2c6a6..1f4853de 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -49,7 +49,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, int retval = PAM_SUCCESS; FILE *fd; int parse_esc = 1; - char *prompt_tmp = NULL, *cur_prompt = NULL; + char *prompt_tmp = NULL; + const char *cur_prompt = NULL; struct stat st; char *issue_file = NULL; @@ -83,23 +84,38 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, if ((fd = fopen(issue_file, "r")) != NULL) { int tot_size = 0; - if (stat(issue_file, &st) < 0) + if (fstat(fileno(fd), &st) < 0) return PAM_IGNORE; - retval = pam_get_item(pamh, PAM_USER_PROMPT, (const void **) &cur_prompt); - if (retval != PAM_SUCCESS) + retval = pam_get_item(pamh, PAM_USER_PROMPT, + (const void **) &cur_prompt); + if (retval != PAM_SUCCESS) { return PAM_IGNORE; + } + if (cur_prompt == NULL) { + cur_prompt = ""; + } - /* first read in the issue file */ + /* first read in the issue file */ - if (parse_esc) + if (parse_esc) { prompt_tmp = do_prompt(fd); - else { + if (prompt_tmp == NULL) { + return PAM_IGNORE; + } + } else { int count = 0; + prompt_tmp = malloc(st.st_size + 1); - if (prompt_tmp == NULL) return PAM_IGNORE; + if (prompt_tmp == NULL) { + return PAM_IGNORE; + } memset (prompt_tmp, '\0', st.st_size + 1); count = fread(prompt_tmp, sizeof(char *), st.st_size, fd); + if (count != st.st_size) { + free(prompt_tmp); + return PAM_IGNORE; + } prompt_tmp[st.st_size] = '\0'; } @@ -111,15 +127,28 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, * alloc some extra space for the original prompt * and postpend it to the buffer */ - prompt_tmp = realloc(prompt_tmp, tot_size); + { + char *prompt_tmp_tmp = prompt_tmp; + + prompt_tmp = realloc(prompt_tmp, tot_size); + if (prompt_tmp == NULL) { + prompt_tmp = prompt_tmp_tmp; + retval = PAM_IGNORE; + goto cleanup; + } + } + strcpy(prompt_tmp+strlen(prompt_tmp), cur_prompt); prompt_tmp[tot_size] = '\0'; - retval = pam_set_item(pamh, PAM_USER_PROMPT, (const char *) prompt_tmp); + retval = pam_set_item(pamh, PAM_USER_PROMPT, + (const char *) prompt_tmp); + cleanup: free(issue_file); free(prompt_tmp); + } else { D(("could not open issue_file: %s", issue_file)); return PAM_IGNORE; @@ -231,19 +260,32 @@ char *do_prompt(FILE *fd) buf[0] = c; buf[1] = '\0'; } if ((strlen(issue) + strlen(buf)) < size + 1) { + char *old_issue = issue; + size += strlen(buf) + 1; issue = (char *) realloc (issue, size); + if (issue == NULL) { + free(old_issue); + return NULL; + } } strcat(issue, buf); } else { buf[0] = c; buf[1] = '\0'; if ((strlen(issue) + strlen(buf)) < size + 1) { + char *old_issue = issue; + size += strlen(buf) + 1; issue = (char *) realloc (issue, size); + if (issue == NULL) { + free(old_issue); + return NULL; + } } strcat(issue, buf); } } + return issue; } |