#19: logger message uses uninitialized char buffer in group_match() of
pam_access.c
-----------------------+------------------------------
Reporter: nickfelt | Owner: pam-developers@…
Type: defect | Status: new
Priority: minor | Component: modules
Version: 1.1.x | Keywords:
Blocked By: | Blocking:
-----------------------+------------------------------
I was debugging my configuration of the pam_access module and noticed some
strange behavior in the debug-level logging messages, which I traced to
the `group_match()` function:
[https://git.fedorahosted.org/cgit/linux-pam.git/tree/modules/pam_access/pam_access.c#n566]
On line 576 it writes a log message using the `grptok` char buffer, which
has just been declared and not initialized. Presumably the logging call
should either use `tok` instead to print the group name in parentheses, or
the logging call should be moved below the `strncpy()` call, at which
point `grptok` is valid, to print the group name without parentheses. I
would've attached a patch but I wasn't sure which solution was preferable.
At least on my machine, the current code prints an empty string on the
first call to `group_match` and then on each successive call it prints the
value of `grptok` corresponding to the previous call to `group_match` that
is still in the buffer. I've attached my test-case
`/etc/security/access.conf` and the logging output I saw.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/19>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
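
An added example (not the Linux-PAM source and not part of the ticket) modelling the ordering the report describes next to the "log after the copy" alternative. The function names, `TOKSZ`, the message format and the `(wheel)`/`(staff)` tokens are constructed, and a `static` buffer stands in for reused stack memory so the stale output is deterministic rather than undefined.

```c
#include <stdio.h>
#include <string.h>

#define TOKSZ 64

/* Stands in for pam_syslog(): keeps the last debug line so it can be inspected. */
static char last_log[2 * TOKSZ];

/* Model of the reported ordering: the message is formatted before grptok
 * is filled. static storage makes the leftover contents repeatable here;
 * a real automatic buffer would hold indeterminate bytes at this point. */
static const char *group_match_reported(const char *tok, const char *usr)
{
    static char grptok[TOKSZ];
    size_t len = strlen(tok);

    snprintf(last_log, sizeof last_log,
             "group_match: grp=%s, user=%s", grptok, usr);
    if (len < 3 || len - 2 >= sizeof grptok)
        return last_log;
    memcpy(grptok, tok + 1, len - 2);   /* strip the surrounding "(...)" */
    grptok[len - 2] = '\0';
    return last_log;
}

/* Reordered variant: initialise, extract the group name, then log it. */
static const char *group_match_reordered(const char *tok, const char *usr)
{
    char grptok[TOKSZ] = "";
    size_t len = strlen(tok);

    if (len >= 3 && len - 2 < sizeof grptok) {
        memcpy(grptok, tok + 1, len - 2);
        grptok[len - 2] = '\0';
    }
    snprintf(last_log, sizeof last_log,
             "group_match: grp=%s, user=%s", grptok, usr);
    return last_log;
}

int main(void)
{
    const char *toks[] = { "(wheel)", "(staff)" };   /* constructed tokens */
    for (int i = 0; i < 2; i++) {
        printf("reported : %s\n", group_match_reported(toks[i], "alice"));
        printf("reordered: %s\n", group_match_reordered(toks[i], "alice"));
    }
    return 0;
}
```

In the modelled "reported" path each log line trails the input by one call, which is the pattern a reader of such debug output would see as a rule appearing to match the wrong group.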