auth_mkvalue(3) may return NULL (if no memory is available), but
login_passwd.c and friends use the return value without checking.
$ cd /usr/src/libexec/
$ egrep -B 1 auth_mkval login_*/*.c
login_passwd/login_passwd.c- fprintf(back, BI_VALUE " errormsg %s\n",
login_passwd/login_passwd.c: auth_mkvalue("you are not in group
wheel"));
--
login_radius/login_radius.c- (void)fprintf(back, BI_VALUE "
challenge %s\n",
login_radius/login_radius.c: auth_mkvalue(challenge));
--
login_radius/login_radius.c- else if (emsg)
login_radius/login_radius.c: (void)fprintf(back, "value errormsg
%s\n", auth_mkvalue(emsg));
--
login_skey/login_skey.c- fprintf(back, BI_VALUE " challenge
%s\n",
login_skey/login_skey.c: auth_mkvalue(challenge));
--
login_token/login_token.c- fprintf(back, BI_VALUE "
challenge %s\n",
login_token/login_token.c: auth_mkvalue(challenge));
Is that considered acceptable in the context?
Ross
