Don't call audit_logout() if pwd is NULL, as audit_logout() attempts to

dereference it. This will happen if we ^D at the Login: prompt without having provided a valid login before. Set pwd to NULL on bad login attempts to prevent audit_logout() from being called for a user which didn't actually log on. Reported by: Jerome Magnin jethro at docisland dot org
2006-03-28 15:30:42 +00:00 · 2006-03-28 15:30:42 +00:00 · 8f9370b050
commit 8f9370b050
parent 11d15d51b3
1 changed files with 4 additions and 1 deletions
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@ -343,6 +343,8 @@ main(int argc, char *argv[])
 		(void)printf("Login incorrect\n");
 		failures++;

+		pwd = NULL;
+
 		/*
 		 * Allow up to 'retry' (10) attempts, but start
 		 * backing off after 'backoff' (3) attempts.
@ -951,7 +953,8 @@ bail(int sec, int eval)
 {

 	pam_cleanup();
-	audit_logout();
+	if (pwd != NULL)
+		audit_logout();
 	(void)sleep(sec);
 	exit(eval);
 }