Browse Source

fix use-after-free for expired passwds; ok deraadt, tdeval

OPENBSD_3_4
markus 21 years ago
parent
commit
54122b6b38
1 changed files with 9 additions and 7 deletions
  1. +9
    -7
      src/lib/libutil/check_expire.c

+ 9
- 7
src/lib/libutil/check_expire.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: check_expire.c,v 1.6 2002/06/09 22:18:43 fgsch Exp $ */
/* $OpenBSD: check_expire.c,v 1.7 2003/09/02 16:55:32 markus Exp $ */
/* /*
* Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved. * Copyright (c) 1997 Berkeley Software Design, Inc. All rights reserved.
@ -120,6 +120,8 @@ login_check_expire(back, pwd, class, lastchance)
} }
if (expire < 0) { if (expire < 0) {
if (lastchance) { if (lastchance) {
struct passwd *npwd;
endpwent(); endpwent();
/* /*
@ -128,12 +130,12 @@ login_check_expire(back, pwd, class, lastchance)
* This will most certainly cause any * This will most certainly cause any
* expired password to be dead, as well. * expired password to be dead, as well.
*/ */
pwd = pw_dup(pwd);
pwd->pw_change = 1;
p = pwd_update(pwd);
memset(pwd->pw_passwd, 0,
strlen(pwd->pw_passwd));
free(pwd);
npwd = pw_dup(pwd);
npwd->pw_change = 1;
p = pwd_update(npwd);
memset(npwd->pw_passwd, 0,
strlen(npwd->pw_passwd));
free(npwd);
if (p != NULL) { if (p != NULL) {
fprintf(back, BI_VALUE " errormsg %s", fprintf(back, BI_VALUE " errormsg %s",
auth_mkvalue(p)); auth_mkvalue(p));


Loading…
Cancel
Save