Package: libpam-modules
Version: 0.79-2
Severity: normal
Tags: patch

The pam_limits.c source uses a strncpy to eliminate leading whitespace, which valgrind picked up on, and the strncpy manpage forbids.
The below patch replaces it with a memcpy, bounded so that it won't copy
past the end of the input window, and puts the null up against the end
of the string.
diff -u pam-0.79/Linux-PAM/modules/pam_limits/pam_limits.c
pam-0.79/Linux-PAM/modules/pam_limits/pam_limits.c
--- pam-0.79/Linux-PAM/modules/pam_limits/pam_limits.c
+++ pam-0.79/Linux-PAM/modules/pam_limits/pam_limits.c
@@ -482,8 +482,8 @@
/* skip the leading white space */
while (*tptr && isspace(*tptr))
tptr++;
- strncpy(buf, tptr, sizeof(buf)-1);
- buf[sizeof(buf)-1] = '\0';
+ memmove(buf, tptr, sizeof(buf)-1-(tptr-buf));
+ buf[sizeof(buf)-1-(tptr-buf)] = '\0';
/* Rip off the comments */
tptr = strchr(buf,'#');
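Review bot: the length expression sizeof(buf)-1-(tptr-buf), repeated on both added lines, is only valid while tptr points inside buf, and the hunk shows neither that nor where tptr is set; it also mixes the size_t from sizeof with the signed ptrdiff_t from tptr-buf. Computing the offset once into a named size_t variable would remove the duplication and make the bound easier to check. If buf is already NUL-terminated at this point (not visible here, though the strchr(buf,'#') that follows needs it), memmove(buf, tptr, strlen(tptr)+1) would move the terminator along with the text and make the separate terminator store unnecessary. The description says memcpy while the code uses memmove; memmove is the call that is defined for overlapping source and destination, so a short comment on the added line saying the regions overlap would stop a later cleanup from switching it back to strncpy or memcpy.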
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable'), (950, 'unstable'), (900, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Versions of packages libpam-modules depends on:
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libdb4.3 4.3.28-3 Berkeley v4.3 Database Libraries [
ii libpam0g 0.79-2 Pluggable Authentication Modules l
ii libselinux1 1.26-1 SELinux shared libraries
libpam-modules recommends no packages.
-- no debconf information
--
Paul "TBBle" Hampson, [EMAIL PROTECTED]
8th year CompSci/Asian Studies student, ANU
Shorter .sig for a more eco-friendly paperless office.

