diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2002-03-16 18:44:49 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2002-03-16 18:44:49 +0000 |
commit | 966c9f19968896b7cf7c2543c61618c68b39c4f4 (patch) | |
tree | 3cfb329add0b1c7d78398335fc66c964ecefa2ed | |
parent | ae4ab6f021abf999cafe2d94fb55ef68d9dca5f2 (diff) |
Avoid potential corruption of passwd pointer auth_approval().
Also check for strdup() failure while I am here.
-rw-r--r-- | libexec/rexecd/rexecd.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/libexec/rexecd/rexecd.c b/libexec/rexecd/rexecd.c index 0c50cf8a8b3..7a1d90a76f7 100644 --- a/libexec/rexecd/rexecd.c +++ b/libexec/rexecd/rexecd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rexecd.c,v 1.19 2002/02/16 21:27:30 millert Exp $ */ +/* $OpenBSD: rexecd.c,v 1.20 2002/03/16 18:44:48 millert Exp $ */ /* * Copyright (c) 1983 The Regents of the University of California. @@ -41,7 +41,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)rexecd.c 5.12 (Berkeley) 2/25/91";*/ -static char rcsid[] = "$OpenBSD: rexecd.c,v 1.19 2002/02/16 21:27:30 millert Exp $"; +static char rcsid[] = "$OpenBSD: rexecd.c,v 1.20 2002/03/16 18:44:48 millert Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -73,7 +73,6 @@ void error(); char *remote; char *envinit[1]; extern char **environ; -login_cap_t *lc; struct sockaddr_in asin = { AF_INET }; @@ -108,6 +107,10 @@ main(argc, argv) hp = gethostbyaddr((char *) &from.sin_addr, sizeof(from.sin_addr), from.sin_family); remote = strdup(hp ? hp->h_name : inet_ntoa(from.sin_addr)); + if (remote == NULL) { + (void)fprintf(stderr, "rexecd: strdup: %s\n", strerror(errno)); + exit(1); + } doit(0, &from); exit(0); @@ -128,6 +131,8 @@ doit(f, fromp) char buf[BUFSIZ], sig; int one = 1; int maxfd; + login_cap_t *lc; + auth_session_t *as; (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); @@ -168,6 +173,11 @@ doit(f, fromp) error("Login class incorrect.\n"); exit(1); } + as = auth_open(); + if (as == NULL || auth_setpwd(as, pwd) != 0) { + error("Unable to allocate memory.\n"); + exit(1); + } endpwent(); if (pwd->pw_uid) auth_checknologin(lc); @@ -274,7 +284,7 @@ doit(f, fromp) err(1, "unable to setup environment"); if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL)) err(1, "unable to set user context"); - if (auth_approval(NULL, lc, pwd->pw_name, "rexec") <= 0) + if (auth_approval(as, lc, pwd->pw_name, "rexec") <= 0) err(1, "approval failure"); cp = strrchr(pwd->pw_shell, '/'); |