Package: pam Version: 0.76-22 If /etc/motd is empty, a file descriptor to it is left open in the login shell.
Here is an excerpt of pam_motd.c:
if ((fd = open(motd_path, O_RDONLY, 0)) >= 0) {
/* fill in message buffer with contents of motd */
if ((fstat(fd, &st) < 0) || !st.st_size)
return retval;
message.msg = mtmp = malloc(st.st_size+1);
/* if malloc failed... */
if (!message.msg) return retval;
read(fd, mtmp, st.st_size);
if (mtmp[st.st_size-1] == '\n')
mtmp[st.st_size-1] = '\0';
else
mtmp[st.st_size] = '\0';
close(fd);
/* Use conversation function to give user contents of motd */
pam_get_item(pamh, PAM_CONV, (const void **)&conversation);
conversation->conv(1, (const struct pam_message **)&pmessage,
&resp, conversation->appdata_ptr);
free(mtmp);
if (resp)
_pam_drop_reply(resp, 1);
}
As you can see on the third line, if /etc/motd is empty (st.st_size == 0),
the function returns without closing the file-descriptor. The same problem
would happen if fstat or malloc fails, but these are error conditions that
do not happen, while an empty motd is not exceptionnel.
Suggested fix: add "close(fd)" before each return in this part of the
function.
pgpxtjFuX8lP9.pgp
Description: PGP signature
