X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=loginutils%2Flogin.c;h=70e85625b2ab60848955c646da0cc1b7c4e40d2d;hb=f2cbb03a378aa48f2e08b64877d54da3fab4ea6a;hp=b7b9ee1d84f41b08a425a2cd1accdddf17dfb4ce;hpb=54ac03a61885c714b4ef606b0a09129b27f72626;p=oweals%2Fbusybox.git diff --git a/loginutils/login.c b/loginutils/login.c index b7b9ee1d8..70e85625b 100644 --- a/loginutils/login.c +++ b/loginutils/login.c @@ -225,19 +225,22 @@ static void get_username_or_die(char *buf, int size_buf) /* skip whitespace */ do { c = getchar(); - if (c == EOF) exit(EXIT_FAILURE); + if (c == EOF) + exit(EXIT_FAILURE); if (c == '\n') { - if (!--cntdown) exit(EXIT_FAILURE); + if (!--cntdown) + exit(EXIT_FAILURE); goto prompt; } - } while (isspace(c)); + } while (isspace(c)); /* maybe isblank? */ *buf++ = c; if (!fgets(buf, size_buf-2, stdin)) exit(EXIT_FAILURE); if (!strchr(buf, '\n')) exit(EXIT_FAILURE); - while (isgraph(*buf)) buf++; + while ((unsigned char)*buf > ' ') + buf++; *buf = '\0'; } @@ -285,8 +288,8 @@ int login_main(int argc UNUSED_PARAM, char **argv) char *opt_host = opt_host; /* for compiler */ char *opt_user = opt_user; /* for compiler */ char *full_tty; - USE_SELINUX(security_context_t user_sid = NULL;) - USE_FEATURE_UTMP(struct utmp utent;) + IF_SELINUX(security_context_t user_sid = NULL;) + IF_FEATURE_UTMP(struct utmp utent;) #if ENABLE_PAM int pamret; pam_handle_t *pamh; @@ -333,7 +336,7 @@ int login_main(int argc UNUSED_PARAM, char **argv) read_or_build_utent(&utent, run_by_root); if (opt & LOGIN_OPT_h) { - USE_FEATURE_UTMP(safe_strncpy(utent.ut_host, opt_host, sizeof(utent.ut_host));) + IF_FEATURE_UTMP(safe_strncpy(utent.ut_host, opt_host, sizeof(utent.ut_host));) fromhost = xasprintf(" on '%s' from '%s'", short_tty, opt_host); } else { fromhost = xasprintf(" on '%s'", short_tty); @@ -409,7 +412,9 @@ int login_main(int argc UNUSED_PARAM, char **argv) break; /* success, continue login process */ pam_auth_failed: - bb_error_msg("pam_%s call failed: %s (%d)", failed_msg, + /* syslog, because we don't want potential attacker + * to know _why_ login failed */ + syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg, pam_strerror(pamh, pamret), pamret); safe_strncpy(username, "UNKNOWN", sizeof(username)); #else /* not PAM */ @@ -457,7 +462,7 @@ int login_main(int argc UNUSED_PARAM, char **argv) write_utent(&utent, username); - USE_SELINUX(initselinux(username, full_tty, &user_sid)); + IF_SELINUX(initselinux(username, full_tty, &user_sid)); /* Try these, but don't complain if they fail. * _f_chown is safe wrt race t=ttyname(0);...;chown(t); */ @@ -465,7 +470,7 @@ int login_main(int argc UNUSED_PARAM, char **argv) fchmod(0, 0600); /* We trust environment only if we run by root */ - if (ENABLE_LOGIN_SCRIPTS && run_by_root) + if (ENABLE_LOGIN_SCRIPTS && run_by_root) run_login_script(pw, full_tty); change_identity(pw); @@ -482,7 +487,7 @@ int login_main(int argc UNUSED_PARAM, char **argv) /* well, a simple setexeccon() here would do the job as well, * but let's play the game for now */ - USE_SELINUX(set_current_security_context(user_sid);) + IF_SELINUX(set_current_security_context(user_sid);) // util-linux login also does: // /* start new session */