[PATCH:xdm 4/5] Stop using username retrieved from PAM before pam_end frees it.

Alan Coopersmith alan.coopersmith at oracle.com
Thu Jun 2 22:10:11 PDT 2011


The first time a failed login message was syslogged it had the right
username, but subsequent ones kept reusing that pointer, even though
PAM had freed it and it may have been reused and filled with something
else, resulting in garbage user names for the later login failures.

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
 greeter/greet.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/greeter/greet.c b/greeter/greet.c
index 5182650..8426a65 100644
--- a/greeter/greet.c
+++ b/greeter/greet.c
@@ -615,6 +615,10 @@ greet_user_rtn GreetUser(
 		greet->name = username;
 	    }
 	    FailedLogin (d, greet);
+	    if (greet->name == username) {
+		/* pam_end frees the value returned by pam_get_item */
+		greet->name = NULL;
+	    }
 	    RUN_AND_CHECK_PAM_ERROR(pam_end,
 				    (*pamhp, pam_error));
 	}
-- 
1.7.3.2



More information about the xorg-devel mailing list