PERFORCE change 96744 for review
Christian S.J. Peron
csjp at FreeBSD.org
Sat May 6 18:39:49 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=96744
Change 96744 by csjp at csjp_xor on 2006/05/06 18:39:24
Since pam_strerror(3) is capable of returning NULL, check the return value
and if it's NULL set a generic error message, instead of passing it along
in the audit record.
Affected files ...
.. //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#16 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#16 (text+ko) ====
@@ -170,6 +170,9 @@
const char *p, *user, *shell, *mytty, **nargv;
struct sigaction sa, sa_int, sa_quit, sa_pipe;
int temp, fds[2];
+#ifdef USE_BSM_AUDIT
+ const char *aerr;
+#endif
shell = class = cleanenv = NULL;
asme = asthem = fastlogin = statusp = 0;
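Review bot: Declaring aerr only under #ifdef USE_BSM_AUDIT means the NULL-checked message exists solely in audit builds, so any non-audit reporting path in the same function cannot reuse it. Consider declaring it unconditionally, so that one checked string can feed every place that reports the PAM error.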
@@ -331,9 +334,11 @@
PAM_CHANGE_EXPIRED_AUTHTOK);
if (retcode != PAM_SUCCESS) {
#ifdef USE_BSM_AUDIT
+ aerr = pam_strerror(pamh, retcode);
+ if (aerr == NULL)
+ aerr = "Unknown PAM error";
if (audit_submit(AUE_su, getuid(), 1, EPERM,
- "pam_chauthtok: %s",
- pam_strerror(pamh, retcode)))
+ "pam_chauthtok: %s", aerr))
errx(1, "Permission denied");
#endif
syslog(LOG_ERR, "pam_chauthtok: %s",
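Review bot: The fallback at aerr = "Unknown PAM error"; drops retcode, so the audit record for an unrecognised failure no longer says which PAM code was returned. Consider formatting the numeric retcode into the fallback text. Also check the syslog(LOG_ERR, "pam_chauthtok: %s", call in the trailing context: its argument is not visible here, but if it still passes pam_strerror(pamh, retcode) directly it has the same NULL exposure this change fixes for audit_submit.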