summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorcognet <cognet@FreeBSD.org>2006-03-28 15:30:42 +0000
committercognet <cognet@FreeBSD.org>2006-03-28 15:30:42 +0000
commitbd709e58838dbec13072e2c972b632e5bcf5a583 (patch)
treeeb3c6616fe1ff5021c7ea358b8afbe9603d995c3
parent332f3f5a7b651b0922cbb5efbb768487a44caad5 (diff)
downloadFreeBSD-src-bd709e58838dbec13072e2c972b632e5bcf5a583.zip
FreeBSD-src-bd709e58838dbec13072e2c972b632e5bcf5a583.tar.gz
Don't call audit_logout() if pwd is NULL, as audit_logout() attempts to
dereference it. This will happen if we ^D at the Login: prompt without having provided a valid login before. Set pwd to NULL on bad login attempts to prevent audit_logout() from being called for a user which didn't actually log on. Reported by: Jerome Magnin jethro at docisland dot org
-rw-r--r--usr.bin/login/login.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index f23467d..b7aa278 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -343,6 +343,8 @@ main(int argc, char *argv[])
(void)printf("Login incorrect\n");
failures++;
+ pwd = NULL;
+
/*
* Allow up to 'retry' (10) attempts, but start
* backing off after 'backoff' (3) attempts.
@@ -951,7 +953,8 @@ bail(int sec, int eval)
{
pam_cleanup();
- audit_logout();
+ if (pwd != NULL)
+ audit_logout();
(void)sleep(sec);
exit(eval);
}
OpenPOWER on IntegriCloud