Subject: bin/32873: login(1) does not initialize lastlogx struct properly - fix supplied
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Johan Veenhuizen <veenhuizen@users.sourceforge.net>
List: netbsd-bugs
Date: 02/19/2006 00:20:01
>Number: 32873
>Category: bin
>Synopsis: login(1) does not initialize lastlogx struct properly - fix supplied
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Feb 19 00:20:01 +0000 2006
>Originator: Johan Veenhuizen
>Release: NetBSD 3.0
>Organization:
>Environment:
System: NetBSD n203-3.vildanden.afb.lu.se 3.0 NetBSD 3.0 (N203-3) #10: Fri Feb 17 00:15:48 CET 2006 jpv@n203-3.vildanden.afb.lu.se:/usr/src/sys/arch/i386/compile/N203-3 i386
Architecture: i386
Machine: i386
>Description:
The non-PAM version of login(1) does not properly initialize
the lastlogx struct, possibly causing random values to
slip through.
>How-To-Repeat:
Imagination.
>Fix:
Apply the following patch to login(1).
Also look into how 'have_ss' relates to the 'ss' struct.
It seems as if it's not always tested before reading 'ss'.
Should 'have_ss' be set true after the call to getpeername()
in update_db()?
Please be informed that the patch has NOT been tested.
My system uses the PAM version of login(1).
--- src.orig/usr.bin/login/login.c 2005-03-30 12:25:08.000000000 +0200
+++ src/usr.bin/login/login.c 2006-02-18 20:43:47.000000000 +0100
@@ -1002,10 +1002,14 @@
}
ll.ll_tv = now;
(void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
- if (hostname) {
+ if (hostname)
(void)strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
+ else
+ (void)memset(ll.ll_host, '\0', sizeof(ll.ll_host));
+ if (have_ss)
ll.ll_ss = ss;
- }
+ else
+ (void)memset(&ll.ll_ss, 0, sizeof(ll.ll_ss));
if (updlastlogx(_PATH_LASTLOGX, pwd->pw_uid, &ll) != 0)
syslog(LOG_NOTICE, "Cannot update lastlogx: %m");
}
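Review bot: The two new else branches clear only ll.ll_host and ll.ll_ss, so unless ll is zeroed earlier in the function (not visible in these lines), struct padding and any lastlogx member not assigned here would still reach updlastlogx() uninitialized. A single `(void)memset(&ll, 0, sizeof(ll));` placed before `ll.ll_tv = now;` would cover every byte and make both else branches unnecessary. Separately, `ll.ll_ss = ss;` used to be guarded by `if (hostname)` and is now guarded by `if (have_ss)`, which is a behaviour change. The hunk does not show where have_ss is set, so that needs to be confirmed for every path that fills ss before this goes in, as the submitter's own question about getpeername() suggests. The patch is also stated to be untested, so it should at least be built and run on a non-PAM login before commit.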
>Unformatted: