* Hannah Schroeter <[EMAIL PROTECTED]> [2008-09-11 15:20]:
> Hi!
>
> On Thu, Sep 11, 2008 at 07:52:14AM -0500, Todd T. Fries wrote:
> >I think you might want to check to see if the file exists not just if the
> >asprintf succeeds..
>
> >But yes I do agree this is useful functionality that I've tested quite
> >thoroughly...
>
> Another nit in the patch:
>
> >Index: authpf.c
> >===================================================================
> >RCS file: /cvs/src/usr.sbin/authpf/authpf.c,v
> >retrieving revision 1.107
> >diff -u -r1.107 authpf.c
> >--- authpf.c 14 Feb 2008 01:49:17 -0000 1.107
> >+++ authpf.c 11 Sep 2008 12:49:09 -0000
> >@@ -314,10 +314,22 @@
> > signal(SIGQUIT, need_death);
> > signal(SIGTSTP, need_death);
> > while (1) {
> >+ struct stat sb;
> >+ char *path_message;
> >+
> > printf("\r\nHello %s. ", luser);
> > printf("You are authenticated from host \"%s\"\r\n", ipsrc);
> > setproctitle("[EMAIL PROTECTED]", luser, ipsrc);
> >- print_message(PATH_MESSAGE);
> >+
> >+ if (asprintf(&path_message, "%s/%s/authpf.message",
> >+ PATH_USER_DIR, luser) == -1)
> >+ do_death(1);
> >+ if (stat(path_message, &sb) == -1) {
>
> How about checking whether it's a regular file, too?
to preven symlinks? nah...
--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
