From 8f9370b050153d6d91ae22eaab4b567fa0bb29fd Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Tue, 28 Mar 2006 15:30:42 +0000 Subject: [PATCH] Don't call audit_logout() if pwd is NULL, as audit_logout() attempts to dereference it. This will happen if we ^D at the Login: prompt without having provided a valid login before. Set pwd to NULL on bad login attempts to prevent audit_logout() from being called for a user which didn't actually log on. Reported by: Jerome Magnin jethro at docisland dot org --- usr.bin/login/login.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index f23467de807..b7aa278cdab 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -343,6 +343,8 @@ main(int argc, char *argv[]) (void)printf("Login incorrect\n"); failures++; + pwd = NULL; + /* * Allow up to 'retry' (10) attempts, but start * backing off after 'backoff' (3) attempts. @@ -951,7 +953,8 @@ bail(int sec, int eval) { pam_cleanup(); - audit_logout(); + if (pwd != NULL) + audit_logout(); (void)sleep(sec); exit(eval); }