git: 9c738c4bca57 - stable/13 - login: Use getpwnam_r() instead of getpwnam().

Wed, 17 Jan 2024 10:29:48 -0800 

The branch stable/13 has been updated by des:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=9c738c4bca57354f9f66ebde0c4b625fa6d6c743

commit 9c738c4bca57354f9f66ebde0c4b625fa6d6c743
Author:     Dag-Erling Smørgrav <[email protected]>
AuthorDate: 2024-01-12 15:40:22 +0000
Commit:     Dag-Erling Smørgrav <[email protected]>
CommitDate: 2024-01-17 16:16:00 +0000

    login: Use getpwnam_r() instead of getpwnam().
    
    Since we expect the entry to still be valid after calling into PAM,
    which may call getpwnam() itself, we need to use getpwnam_r().
    
    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Reviewed by:    kevans, imp, allanjude, markj
    Differential Revision:  https://reviews.freebsd.org/D43376
    
    (cherry picked from commit a3d80dd8aa6ac15877e00102ab174b417ac81d79)
    
    login: Missed an instance of getpwnam().
    
    Fixes:          a3d80dd8aa6ac15877e00102ab174b417ac81d79
    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Reviewed by:    allanjude
    Differential Revision:  https://reviews.freebsd.org/D43423
    
    (cherry picked from commit 1e25eb287f3fdd763df98065dbf2e1eb201e4000)
---
 usr.bin/login/login.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index c96738151151..d0d4bb4a2394 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -116,6 +116,8 @@ static u_int                timeout = 300;
 /* Buffer for signal handling of timeout */
 static jmp_buf          timeout_buf;
 
+char                    pwbuf[1024];
+struct passwd           pwres;
 struct passwd          *pwd;
 static int              failures;
 
@@ -321,7 +323,7 @@ main(int argc, char *argv[])
                        bail(NO_SLEEP_EXIT, 1);
                }
 
-               pwd = getpwnam(username);
+               (void)getpwnam_r(username, &pwres, pwbuf, sizeof(pwbuf), &pwd);
                if (pwd != NULL && pwd->pw_uid == 0)
                        rootlogin = 1;
 
@@ -344,7 +346,7 @@ main(int argc, char *argv[])
                        (void)setpriority(PRIO_PROCESS, 0, 0);
                }
 
-               if (pwd && rval == 0)
+               if (pwd != NULL && rval == 0)
                        break;
 
                pam_cleanup();
@@ -708,8 +710,10 @@ auth_pam(void)
                pam_err = pam_get_item(pamh, PAM_USER, &item);
                if (pam_err == PAM_SUCCESS) {
                        tmpl_user = (const char *)item;
-                       if (strcmp(username, tmpl_user) != 0)
-                               pwd = getpwnam(tmpl_user);
+                       if (strcmp(username, tmpl_user) != 0) {
+                               (void)getpwnam_r(tmpl_user, &pwres, pwbuf,
+                                   sizeof(pwbuf), &pwd);
+                       }
                } else {
                        pam_syslog("pam_get_item(PAM_USER)");
                }

Reply via email to