[hackers] [slock] end{pw,sp}ent() can only be called after get{pw,sp}ent() || sin
commit 4339b507af01421e2deab63ca9ac3c5bdae5f4cc
Author: sin <sin_AT_2f30.org>
Date: Fri Nov 7 13:20:13 2014 +0000
end{pw,sp}ent() can only be called after get{pw,sp}ent()
Calling them unconditionally can result in memory corruption.
diff --git a/slock.c b/slock.c
index 399386b..d281965 100644
--- a/slock.c
+++ b/slock.c
_AT_@ -73,7 +73,6 @@ getpw(void) { /* only run as root */
else
die("slock: cannot retrieve password entry (make sure to suid or sgid slock)\n");
}
- endpwent();
rval = pw->pw_passwd;
#if HAVE_SHADOW_H
_AT_@ -82,7 +81,6 @@ getpw(void) { /* only run as root */
sp = getspnam(getenv("USER"));
if(!sp)
die("slock: cannot retrieve shadow entry (make sure to suid or sgid slock)\n");
- endspent();
rval = sp->sp_pwdp;
}
#endif
Received on Sun Nov 09 2014 - 14:10:18 CET
This archive was generated by hypermail 2.3.0
: Sun Nov 09 2014 - 14:12:08 CET