Hi, I was looking at some openssh code when I spotted a mistake in a function from auth.c:
static int secure_filename(FILE *f, const char *file, struct passwd *pw, char *err, size_t errlen) { char buf[MAXPATHLEN]; struct stat st; /* check the open file to avoid races */ if (fstat(fileno(f), &st) < 0) { snprintf(err, errlen, "cannot stat file %s: %s", buf, strerror(errno)); return -1; } return auth_secure_path(file, &st, pw->pw_dir, pw->pw_uid, err, errlen); } 'buf' is not initialized and used whereas it should be 'file'. Patch:
--- auth.c 2012-12-08 12:51:32.000000000 +0100
+++ auth.c 2012-12-13 19:11:30.968193729 +0100
@@ -404,13 +404,12 @@
 secure_filename(FILE *f, const char *file, struct passwd *pw, char *err, size_t errlen) {
- char buf[MAXPATHLEN];
 struct stat st;
 /* check the open file to avoid races */
 if (fstat(fileno(f), &st) < 0) {
 snprintf(err, errlen, "cannot stat file %s: %s",
- buf, strerror(errno));
+ file, strerror(errno));
 return -1;
 }
 return auth_secure_path(file, &st, pw->pw_dir, pw->pw_uid, err, errlen);
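Review bot: Nothing in the hunk records which argument names the file, which is how an uninitialized `buf` could sit in the `%s` slot of the snprintf() call unnoticed; now that `buf` is gone, a short comment would keep the roles of `f` and `file` clear. Something like `/* f is the open stream that gets fstat()ed; file is its path, used for the message and passed to auth_secure_path() */` beside the existing race comment would do, assuming `file` really is the path `f` was opened from, which the hunk does not show. The old read happened only when fstat() fails on an already-open stream, so ordinary testing is unlikely to have exercised that branch; the fix is best confirmed by inspection or by a build with an uninitialized-memory checker rather than by a normal run. The function's `static int` line and its closing brace lie outside the hunk.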