author | Markus Friedl <markus@cvs.openbsd.org> | 2003-09-02 16:55:33 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2003-09-02 16:55:33 +0000 |
commit | 4773aa74cf8b2a33172caadf018ae6f62940a0e3 (patch) | |
tree | 249d3fd2c460ff763c42b9702dc4a7e9ddc316db /lib/libutil/check_expire.c | |
parent | 650abc3231c31feccabdf50489e3a5682fd79b32 (diff) |
fix use-after-free for expired passwds; ok deraadt, tdeval
Diffstat (limited to 'lib/libutil/check_expire.c')
-rw-r--r-- | lib/libutil/check_expire.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/lib/libutil/check_expire.c b/lib/libutil/check_expire.c
index ddae332586d..f1d1e438aa3 100644
--- a/lib/libutil/check_expire.c
+++ b/lib/libutil/check_expire.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check_expire.c,v 1.6 2002/06/09 22:18:43 fgsch Exp $ */
+/* $OpenBSD: check_expire.c,v 1.7 2003/09/02 16:55:32 markus Exp $ */
 /*
 * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved.
@@ -120,6 +120,8 @@ login_check_expire(back, pwd, class, lastchance)
 }
 if (expire < 0) {
 if (lastchance) {
+ struct passwd *npwd;
+
 endpwent();
 /*
@@ -128,12 +130,12 @@ login_check_expire(back, pwd, class, lastchance)
 * This will most certainly cause any
 * expired password to be dead, as well.
 */
- pwd = pw_dup(pwd);
- pwd->pw_change = 1;
- p = pwd_update(pwd);
- memset(pwd->pw_passwd, 0,
- strlen(pwd->pw_passwd));
- free(pwd);
+ npwd = pw_dup(pwd);
+ npwd->pw_change = 1;
+ p = pwd_update(npwd);
+ memset(npwd->pw_passwd, 0,
+ strlen(npwd->pw_passwd));
+ free(npwd);
 if (p != NULL) {
 fprintf(back, BI_VALUE " errormsg %s",
 auth_mkvalue(p)); |
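Review bot: In the third hunk `npwd = pw_dup(pwd);` is followed directly by `npwd->pw_change = 1;`, so an allocation failure in pw_dup() (it returns NULL when memory is short) becomes a NULL dereference in the expired-password path. A guard such as `if ((npwd = pw_dup(pwd)) == NULL)` should report the failure the same way the `p != NULL` branch below does and skip the update. Separately, `memset(npwd->pw_passwd, 0, strlen(npwd->pw_passwd));` sits immediately before `free(npwd);`, which makes it a dead store that an optimizing compiler may drop; where the platform provides it, `explicit_bzero(npwd->pw_passwd, strlen(npwd->pw_passwd));` keeps the password hash from lingering in freed heap memory. login_check_expire() starts and ends outside this hunk, so the right failure return has to be taken from the rest of the function.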