#19: logger message uses uninitialized char buffer in group_match() of pam_access.c -----------------------+------------------------------ Reporter: nickfelt | Owner: pam-developers@… Type: defect | Status: new Priority: minor | Component: modules Version: 1.1.x | Keywords: Blocked By: | Blocking: -----------------------+------------------------------ I was debugging my configuration of the pam_access module and noticed some strange behavior in the debug-level logging messages, which I traced to the `group_match()` function: [https://git.fedorahosted.org/cgit/linux- pam.git/tree/modules/pam_access/pam_access.c#n566] On line 576 it writes a log message using the `grptok` char buffer, which has just been declared and not initialized. Presumably the logging call should either use `tok` instead to print the group name in parentheses, or the logging call should be moved below the `strncpy()` call, at which point `grptok` is valid, to print the group name without parentheses. I would've attached a patch but I wasn't sure which solution was preferable. At least on my machine, the current code prints an empty string on the first call to `group_match` and then on each successive call it prints the value of grptok corresponding to the previous call to `group_match` that is still in the buffer. I've attached my test-case `/etc/security/access.conf` and the logging output I saw. -- Ticket URL: <https://fedorahosted.org/linux-pam/ticket/19> linux-pam <http://fedorahosted.org/linux-pam> The Linux-PAM (Pluggable Authentication Modules) project