From 1e3b75dc4ef9d34daecacba3dc096e0103cc8ac7 Mon Sep 17 00:00:00 2001 From: Eli Lipsitz Date: Tue, 24 Jan 2023 23:24:32 +0000 Subject: [PATCH] login: Fix segfault if unknown username is provided The 'login' command segfaults if the user provides an invalid username. This happens because 'getpwnam' returns NULL, and this is stored in a local variable. Later, after the password check fails, the pointer is dereferenced to produce the syslog message. This commit fixes the bug by instead using the 'username' variable in the log message, which is never NULL. --- toys/other/login.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toys/other/login.c b/toys/other/login.c index 46fe0f67..bcca4aea 100644 --- a/toys/other/login.c +++ b/toys/other/login.c @@ -91,7 +91,7 @@ void login_main(void) if (x) break; } - syslog(LOG_WARNING, "invalid password for '%s' on %s %s%s", pwd->pw_name, + syslog(LOG_WARNING, "invalid password for '%s' on %s %s%s", username, ttyname(tty), hh ? "from " : "", hh ? TT.h : ""); sleep(3); -- 2.39.2