tech-toolchain archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: libpam segfault when passwd passes NULL pamh (was Re: gcc -O2 produces invalid object code (x86_64, netbsd-5 branch))

Joerg Sonnenberger wrote:
There's also the issue of whether it's OK to pass random garbage to pam_strerror(). If it's not OK, then how does one print error messages for pam_start() failures? pam_start() doesn't set pamh on error, so its value could be anything.

Fully agreed. Given that pam_start can only fail due to programming errors or memory allocation, the error message is not very useful anyway. I think the attached patch is the best approach.

There's at least one other way pam_start() can fail: if you misspell the name of a pam module in an /etc/pam.d file. (Can you guess how I originally stumbled across the segfault? :-P) A "module not found" message would be useful.

We could modify pam_start() to set pamh to NULL on error so that pam_strerror() does the right thing, or we could do what we're doing now and simply ignore pamh in pam_strerror(). See the attached patch.


Home | Main Index | Thread Index | Old Index