cvs commit: src/libexec/rexecd rexecd.c
Jacques Vidrine
nectar at FreeBSD.org
Thu Apr 7 05:53:25 PDT 2005
On Apr 7, 2005, at 3:43 AM, Stefan Farfeleder wrote:
> static void
> doit(struct sockaddr *fromp)
> {
>     char *cmdbuf, *cp;
>     int maxcmdlen;
>     char user[16], pass[16];
>
>     ...
>
>     if (!pam_ok(pam_start("rexecd", user, &pamc, &pamh)) ||
>         !pam_ok(pam_set_item(pamh, PAM_RHOST, remote)) ||
>         !pam_ok(pam_set_item(pamh, PAM_AUTHTOK, pass)) ||
>         !pam_ok(pam_authenticate(pamh, pam_flags)) ||
>         !pam_ok(pam_acct_mgmt(pamh, pam_flags)) ||
>         !pam_ok(pam_get_item(pamh, PAM_USER, (const void **)&user)) ||
>
> I don't know anything about PAM, but apparently pam_get_item() stores a pointer
> into *item. Here the pointer value is written into the first few bytes of the
> array `user' (assuming it is correctly aligned).
Which it isn't... see my post to -CURRENT. Oops.
--
Jacques A Vidrine / NTT/Verio
nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
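
Added example, not part of the original messages and not the rexecd code or its eventual fix: a self-contained C sketch of the out-parameter mistake discussed above, next to a bounded-copy form. `fake_get_item()`, `stored_user`, `buggy_pattern()` and `fixed_pattern()` are hypothetical names; the stand-in only mimics pam_get_item() storing a pointer into *item, so no PAM library is needed.

```c
#include <stdio.h>
#include <string.h>

static const char stored_user[] = "alice";  /* constructed sample data */

/* Hypothetical stand-in for pam_get_item(): it stores a pointer to
 * library-owned data in *item and copies no string data. */
static int fake_get_item(const void **item)
{
    const void *p = stored_user;
    memcpy(item, &p, sizeof p);  /* byte-wise equivalent of *item = p */
    return 0;
}

/* Call shape from the quoted code: the array's own address is the
 * out-parameter. _Alignas only keeps this demo well-defined.
 * Returns 1 if the array now starts with the pointer's bytes. */
int buggy_pattern(void)
{
    _Alignas(void *) char user[16] = "alice";
    const void *expect = stored_user;
    fake_get_item((const void **)&user);
    return memcmp(user, &expect, sizeof expect) == 0;
}

/* Receive the pointer in a pointer variable, then copy with a bound.
 * Returns 0 on success, -1 if the item is missing or does not fit. */
int fixed_pattern(char *out, size_t outlen)
{
    const void *item = NULL;
    size_t n;

    if (fake_get_item(&item) != 0 || item == NULL)
        return -1;
    n = strlen(item);
    if (n >= outlen)
        return -1;
    memcpy(out, item, n + 1);
    return 0;
}

int main(void)
{
    char user[16];
    printf("array overwritten by pointer: %d\n", buggy_pattern());
    if (fixed_pattern(user, sizeof user) == 0)
        printf("copied name: %s\n", user);
    return 0;
}
```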