oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Use roken_get_*() instead of getpwuuid()

Browse Source 
Using non-reentrant getpwuid() (or getpwnam(), or getspnam())  can be
dangerous.  We had a report of a login application / PAM that calls
those, and Heimdal, by calling them too, clobbered the cached struct
passwd used by the login app / PAM.
This commit is contained in:
Nicolas Williams
2017-10-12 12:24:05 -05:00
committed by Nico Williams
parent 95eb83c424
commit 620862049e
7 changed files with 42 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
appl/otp/otp.c
View File

@@ -292,6 +292,7 @@ main (int argc, char **argv)
int uid = getuid();
OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
int optidx = 0;
char userbuf[128];
setprogname (argv[0]);
if(getarg(args, num_args, argc, argv, &optidx))
@@ -332,12 +333,9 @@ main (int argc, char **argv)
return list_otps (argc, argv, user);
if (user == NULL) {
struct passwd *pwd;
pwd = k_getpwuid(uid);
if (pwd == NULL)
user = roken_get_username(userbuf, sizeof(userbuf));
if (user == NULL)
err (1, "You don't exist");
user = pwd->pw_name;
}
/*