Subject: bin/31040: /usr/libexec/getty calls chown() and unlink() with uninitialized variable
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Wolfgang Stukenbrock <Wolfgang.Stukenbrock@nagler-company.com>
List: netbsd-bugs
Date: 08/22/2005 13:12:00
>Number: 31040
>Category: bin
>Synopsis: /usr/libexec/getty calls chown() and unlink() with uninitialized variable
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Aug 22 13:12:00 +0000 2005
>Originator: Dr. Wolfgang Stukenbrock
>Release: NetBSD 2.0.2
>Organization:
Dr. Nagler & Company GmbH
>Environment:
System: NetBSD s011 2.0.2 NetBSD 2.0.2 (NSW-Webproxy) #10: Mon Jun 13 14:14:26 CEST 2005 wgstuken@s012:/export/netbsd-2.0.2/usr/src/sys/arch/i386/compile/NSW-Webproxy i386
Architecture: i386
Machine: i386
>Description:
/usr/lib/getty may be called as "uugetty" or as "getty". In the case of "uugetty" it does some uucp-locking.
In the uu-dependent code the variable "lockfile" will be set up to the lock-filename.
But at two places the variable is used without checking for the uu-dependency.
>How-To-Repeat:
Look into the source code - will be done during every non-uucp-login.
>Fix:
Here is a patch that will limit the access to the uu-dependent case at the two remaining places.
*** main.c 2005/08/22 12:27:39 1.1
--- main.c 2005/08/22 12:28:21
***************
*** 276,282 ****
syslog(LOG_ERR, "%s: can't create lockfile", ttyn);
exit(1);
}
! (void) chown(lockfile, ttyowner, 0);
login_tty(i);
}
}
--- 276,283 ----
syslog(LOG_ERR, "%s: can't create lockfile", ttyn);
exit(1);
}
! if (uugetty)
! (void) chown(lockfile, ttyowner, 0);
login_tty(i);
}
}
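Review bot: the guarded call in the new lines 276-283 still discards the result of chown(lockfile, ttyowner, 0) through the (void) cast, so on the uugetty path a lock file left with the wrong owner goes unnoticed. The branch directly above already reports lock-file failures with syslog(LOG_ERR, ...), and the same could be done here when chown() returns -1. A short comment on the if (uugetty) line saying that lockfile is only set on that path would also keep the guard from being dropped in a later cleanup.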
***************
*** 433,439 ****
signal(SIGINT, SIG_IGN);
if (NX && *NX)
tname = NX;
! unlink(lockfile);
}
}
--- 434,441 ----
signal(SIGINT, SIG_IGN);
if (NX && *NX)
tname = NX;
! if (uugetty)
! unlink(lockfile);
}
}
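Review bot: the unlink(lockfile) in the new lines 434-441 has neither a return-value check nor the (void) cast that the chown() call in the first hunk carries, so the two guarded calls are inconsistent; pick one style for both. The guards cover the two uses the report names, but lockfile itself stays unset on the non-uucp path, so initialising it to an empty string at its declaration (not visible in this patch) would make any future unguarded use fail on an empty path instead of acting on whatever bytes the variable happened to hold.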