FWIW, this latest patch can't be right:
+@@ -96,9 +98,13 @@
+ free(*(argv_copy+i));
+ #endif
+
+- syslog(LOG_INFO, "[%s, uid:%d sid:%d]: %s", getlogin(), getuid(),
getsid(0), logstring);
+- free(logstring);
++ getlogin_r( login, 255 );
++ if( login == 0 ) {
++ strcpy(login,"unknown");
++ }
+
++ syslog(LOG_INFO, "[%s, uid:%d sid:%d]: %s", login, getuid(), getsid(0),
logstring);
++ free(logstring);
+ }
+
+ int execve(const char *filename, char **argv, char **envp) {
if (login == 0) will always evaluate false -- the value of login is never
(cannot be) modified by the getlogin_r() call. The correct check would be:
if (getlogin_r(login, 255))
strcpy(login, "unknown");
Also, I wonder at some of the gratuitous uses of 'static' in this code.
'static' for a variable declared within a function doesn't /limit/ the scope
of the variable as it does outside, it /expands/ the scope of the variable
causing its value to be preserved across invocations of the function.
That's not warranted here, none of these variables are used for values that
are at all persistent.
Anyway, the bug is still RC in nature. Marc, do you expect to have time to
work on this, or shall I consider an NMU?
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
