Hi!

On Thu, Sep 11, 2008 at 03:28:07PM +0200, Henning Brauer wrote:
>* Hannah Schroeter <[EMAIL PROTECTED]> [2008-09-11 15:20]:
>> On Thu, Sep 11, 2008 at 07:52:14AM -0500, Todd T. Fries wrote:
>> >I think you might want to check to see if the file exists not just if the
>> >asprintf succeeds..

>> >But yes I do agree this is useful functionality that I've tested quite
>> >thoroughly...

>> Another nit in the patch:

>> >Index: authpf.c
>> >===================================================================
>> >RCS file: /cvs/src/usr.sbin/authpf/authpf.c,v
>> >retrieving revision 1.107
>> >diff -u -r1.107 authpf.c
>> >--- authpf.c        14 Feb 2008 01:49:17 -0000      1.107
>> >+++ authpf.c        11 Sep 2008 12:49:09 -0000
>> >@@ -314,10 +314,22 @@
>> >    signal(SIGQUIT, need_death);
>> >    signal(SIGTSTP, need_death);
>> >    while (1) {
>> >+           struct stat sb;
>> >+           char *path_message;
>> >+           
>> >            printf("\r\nHello %s. ", luser);
>> >            printf("You are authenticated from host \"%s\"\r\n", ipsrc);
>> >            setproctitle("[EMAIL PROTECTED]", luser, ipsrc);
>> >-           print_message(PATH_MESSAGE);
>> >+
>> >+           if (asprintf(&path_message, "%s/%s/authpf.message",
>> >+               PATH_USER_DIR, luser) == -1)
>> >+                   do_death(1);
>> >+           if (stat(path_message, &sb) == -1) {
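Review bot: the asprintf() call sits inside the while (1) loop, so path_message is allocated again on every pass and nothing in the lines shown frees it; build the path once before the loop, or free it at the end of each pass. The stat() == -1 test also only establishes that the name resolves to something, so a directory or FIFO at that path would pass it; testing S_ISREG(sb.st_mode) on the result would cover that. The added line after the two declarations carries trailing whitespace.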

>> How about checking whether it's a regular file, too?

>to prevent symlinks? nah...

stat follows symlinks, so that's no problem. However it'll prevent
directories, pipes, sockets and devices.

Kind regards,

Hannah.
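
The behaviour discussed above, as an added example that is not part of the thread or of authpf: `is_regular_file()` and `classify_samples()` are hypothetical names, and the sample file, symlink, directory and FIFO are constructed in a temporary directory.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not authpf code: 1 if path is a regular file, 0 for
 * any other type or on error. follow != 0 uses stat() (symlinks resolved),
 * follow == 0 uses lstat() (the link itself is examined). */
int is_regular_file(const char *path, int follow)
{
    struct stat sb;

    if ((follow ? stat(path, &sb) : lstat(path, &sb)) == -1)
        return 0;
    return S_ISREG(sb.st_mode) ? 1 : 0;
}

/* Constructed samples in a fresh temp directory. Result bits: 0 file,
 * 1 symlink to file, 2 directory, 3 FIFO (all via stat), 4 the symlink
 * via lstat. Returns -1 if the samples cannot be created. */
int classify_samples(void)
{
    char dir[] = "/tmp/regfile.XXXXXX", p[4][64];
    const char *names[] = { "message", "link", "subdir", "fifo" };
    int i, fd, mask = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    for (i = 0; i < 4; i++)
        snprintf(p[i], sizeof(p[i]), "%s/%s", dir, names[i]);
    if ((fd = open(p[0], O_WRONLY | O_CREAT | O_EXCL, 0600)) == -1)
        return -1;
    close(fd);
    if (symlink(p[0], p[1]) == -1 || mkdir(p[2], 0700) == -1 ||
        mkfifo(p[3], 0600) == -1)
        return -1;
    for (i = 0; i < 4; i++)
        mask |= is_regular_file(p[i], 1) << i;
    mask |= is_regular_file(p[1], 0) << 4;
    unlink(p[3]); rmdir(p[2]);
    unlink(p[1]); unlink(p[0]); rmdir(dir);
    return mask;
}

int main(void) { printf("mask = %d\n", classify_samples()); return 0; }
```

Only the plain file and the symlink to it pass the stat()-based test; the directory and FIFO are rejected, and the same symlink is rejected once lstat() is used instead.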
