Relevant BUGIDs: 473034

Purpose of commit: bugfix

Commit summary:
---------------
pam_env was only coincidentally parsing environment variables correctly.
Bug report from weichangyang of hotmail com.

diff --git a/CHANGELOG b/CHANGELOG
index 59ec83cff5904df997fd9b507c5f1a4a78d2eabe..3979c040e3a0ac283abac69c0ec7fc458efe2cea 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -49,6 +49,9 @@ bug report - outstanding bugs are listed here:
 0.76: please submit patches for this section with actual code/doc
       patches!
 
+* pam_env: 'weichangyang of hotmail' pointed out a wild string with no
+  valid '\0' was leading to problems with sshd and suggested fix (Bug
+  473034 - agmorgan)
 * MANDIR cleanup. It defaults to /usr/share/man, but can be overridden
   using the --enable-mandir ./configure option, similarly for DOCDIR
   from Nalin (Bug 476940 - agmorgan)

diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 52e5449068dcc431352aa006d24ac078b41aea08..ba04c15e25f8aaf0be0c8a4b8ecadf40c6a45d31 100644 (file)
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -4,7 +4,7 @@
  * $Id$
  *
  * Written by Dave Kinchlea <kinch@kinch.ark.com> 1997/01/31
- * Inspired by Andrew Morgan <morgan@parc.power.net, who also supplied the 
+ * Inspired by Andrew Morgan <morgan@kernel.org>, who also supplied the 
  * template for this file (via pam_mail)
  */
 
@@ -536,12 +536,14 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
                    * call pam_getenv and _pam_get_item_byname -- sigh
                    */
                      
-  char type, tmpval[BUF_SIZE]; /* No unexpanded variable can be bigger than BUF_SIZE */
-  char tmp[MAX_ENV];   /* I know this shouldn't be hard-coded but it's so 
-                       * much easier this way */
+  /* No unexpanded variable can be bigger than BUF_SIZE */
+  char type, tmpval[BUF_SIZE];
+
+  /* I know this shouldn't be hard-coded but it's so much easier this way */
+  char tmp[MAX_ENV];
 
   D(("Remember to initialize tmp!"));
-  tmp[0] = '\0';
+  memset(tmp, 0, MAX_ENV);
 
   /* 
    * (possibly non-existent) environment variables can be used as values
@@ -563,15 +565,17 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
       } else {
        /* is it really a good idea to try to log this? */
        D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
-       _log_err(LOG_ERR, "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr);
+       _log_err(LOG_ERR, "Variable buffer overflow: <%s> + <%s>",
+                tmp, tmpptr);
       }
       continue;
     } 
     if ('$' == *orig || '@' == *orig) {
       if ('{' != *(orig+1)) {
-       D(("Expandable variables must be wrapped in {} <%s> - ignoring", orig));
-       _log_err(LOG_ERR, "Expandable variables must be wrapped in {} <%s> - ignoring", 
-                orig);
+       D(("Expandable variables must be wrapped in {}"
+          " <%s> - ignoring", orig));
+       _log_err(LOG_ERR, "Expandable variables must be wrapped in {}"
+                " <%s> - ignoring", orig);
        if ((strlen(tmp) + 1) < MAX_ENV) {
          tmp[strlen(tmp)] = *orig++;        /* Note the increment */
        }