Subject: Re: CVS commit: src/lib/libpam/modules/pam_unix
To: Luke Mewburn <lukem@NetBSD.org>
From: John Nemeth <firstname.lastname@example.org>
Date: 04/18/2005 21:30:30
On Sep 9, 8:54am, Luke Mewburn wrote:
} On Mon, Apr 18, 2005 at 09:10:48PM -0700, John Nemeth wrote:
} | On Aug 4, 3:47pm, Luke Mewburn wrote:
} | }
} | } Module Name: src
} | } Committed By: lukem
} | } Date: Tue Apr 19 03:40:16 UTC 2005
} | }
} | } Modified Files:
} | } src/lib/libpam/modules/pam_unix: pam_unix.c
} | }
} | } Log Message:
} | } Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
} | } failures, especially if we're going to ignore the return result.
} | Umm, I thought the result of the discussion was that POSIX
} | mandates that pwd be set to NULL for all errors AND when the entry
} | isn't found. Thus if pwd isn't set to NULL for some failure case then
} | getpwnam_r is very broken.
} True, it is very broken. However, if we're going to ignore the return
} result of a function yet check a pointer we've passed to it against
} NULL later on, it doesn't hurt to ensure that we assign the pointer
} to a known NULL value before invocation. That's the "safety boots"
Isn't this getting a bit paranoid? We could take a variety of
"safety boots" for various functions, but at some point we need to
trust that libc is correctly implemented. Besides, if there is a libc
bug wouldn't it be better to have lots of applications crash and burn
so the bug is quick found and exterminated?
}-- End of excerpt from Luke Mewburn