projects / oweals / busybox.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
*: optimize most of isXXXXX() macros
[oweals/busybox.git] / loginutils / login.c
diff --git a/loginutils/login.c b/loginutils/login.c
index 31b25a43e67b08f1f60812e1d399b71efa69f42e..70e85625b2ab60848955c646da0cc1b7c4e40d2d 100644 (file)
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -225,19 +225,22 @@ static void get_username_or_die(char *buf, int size_buf)
        /* skip whitespace */
        do {
                c = getchar();
-               if (c == EOF) exit(EXIT_FAILURE);
+               if (c == EOF)
+                       exit(EXIT_FAILURE);
                if (c == '\n') {
-                       if (!--cntdown) exit(EXIT_FAILURE);
+                       if (!--cntdown)
+                               exit(EXIT_FAILURE);
                        goto prompt;
                }
-       } while (isspace(c));
+       } while (isspace(c)); /* maybe isblank? */
 
        *buf++ = c;
        if (!fgets(buf, size_buf-2, stdin))
                exit(EXIT_FAILURE);
        if (!strchr(buf, '\n'))
                exit(EXIT_FAILURE);
-       while (isgraph(*buf)) buf++;
+       while ((unsigned char)*buf > ' ')
+               buf++;
        *buf = '\0';
 }
 
@@ -409,7 +412,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
                break; /* success, continue login process */
 
  pam_auth_failed:
-               bb_error_msg("pam_%s call failed: %s (%d)", failed_msg,
+               /* syslog, because we don't want potential attacker
+                * to know _why_ login failed */
+               syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
                                        pam_strerror(pamh, pamret), pamret);
                safe_strncpy(username, "UNKNOWN", sizeof(username));
 #else /* not PAM */
Unnamed repository; edit this file 'description' to name the repository.