Lines 1-62
Link Here
|
1 |
--- ../xlockmore-5.20.1.orig/xlock/passwd.c Mon Sep 26 17:11:20 2005 |
|
|
2 |
+++ xlock/passwd.c Mon Dec 12 15:04:31 2005 |
3 |
@@ -304,6 +304,16 @@ |
4 |
reply = (struct pam_response *) malloc(sizeof (struct pam_response) * |
5 |
num_msg); |
6 |
|
7 |
+// reply[] members is not initialized! |
8 |
+// As a result - abort trap when PAM tries to free reply structure |
9 |
+// after PAM_ERROR_MSG processing. |
10 |
+ |
11 |
+// So I just initialize reply here with default values and drop |
12 |
+// initialization from code below (if code matches). |
13 |
+ |
14 |
+ reply[replies].resp_retcode = PAM_SUCCESS; // be optimistic |
15 |
+ reply[replies].resp = NULL; |
16 |
+ |
17 |
if (!reply) |
18 |
return PAM_CONV_ERR; |
19 |
|
20 |
@@ -325,7 +335,6 @@ |
21 |
} |
22 |
else |
23 |
{ |
24 |
- reply[replies].resp_retcode = PAM_SUCCESS; |
25 |
reply[replies].resp = COPY_STRING(PAM_password); |
26 |
} |
27 |
#ifdef DEBUG |
28 |
@@ -340,11 +349,6 @@ |
29 |
{ |
30 |
PAM_putText( msg[replies], &reply[replies], False ); |
31 |
} |
32 |
- else |
33 |
- { |
34 |
- reply[replies].resp_retcode = PAM_SUCCESS; |
35 |
- reply[replies].resp = NULL; |
36 |
- } |
37 |
#ifdef DEBUG |
38 |
(void) printf( "Back From PAM_putText: PAM_PROMPT_ECHO_ON\n" ); |
39 |
(void) printf( "Response is: (%s)\n, Return Code is: (%d)\n", |
40 |
@@ -357,11 +361,7 @@ |
41 |
{ |
42 |
PAM_putText( msg[replies], &reply[replies], False ); |
43 |
} |
44 |
- else |
45 |
- { |
46 |
- reply[replies].resp_retcode = PAM_SUCCESS; |
47 |
- reply[replies].resp = NULL; |
48 |
- } |
49 |
+ /* PAM frees resp */ |
50 |
#ifdef DEBUG |
51 |
(void) printf( "Back From PAM_putText: PAM_PROMPT_ECHO_ON\n" ); |
52 |
(void) printf( "Response is: (%s)\n, Return Code is: (%d)\n", |
53 |
@@ -1205,8 +1205,7 @@ |
54 |
pam_error = pam_authenticate(pamh, 0); |
55 |
if (pam_error != PAM_SUCCESS) { |
56 |
if (!allowroot) { |
57 |
- pam_end(pamh, 0); |
58 |
- return False; |
59 |
+ PAM_BAIL; |
60 |
} |
61 |
|
62 |
/* Try as root; bail if no success there either */ |