Diff against version 0.50, from the FreeBSD ports.
What changes?
- No syslog message before sql "INSERT..." into mail.log (put into a DBG conditional block).
- Syslog message more properly reflects either 0 or >1 results from the select.
- Comments for both my changes.
Since the patch is small, it follows.
I'd appreciate any and all comments if this might have a negative impact on my server.
Thanks!
Andrew.
567a568,577
> /*
> If an attacker has syslog access, the following may be an information
> leak, but for the admin, might stop some head scratching...
> */
> if (mysql_num_rows(result) == 0) {
> syslog(LOG_ERR, "%s", "pam_mysql: select returned zero results");
> mysql_free_result(result);
> return PAM_AUTH_ERR;
> }
>
1005a1016,1021
> /*
> I do not like seeing a LOG_ERR entry BEFORE
> the saving of a log entry. I consider this debug information.
> So be it..
> */
> #ifdef DEBUG
1006a1023
> #endif
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Diff against version 0.50, from the FreeBSD ports.
What changes?
- No syslog message before sql "INSERT..." into mail.log (put into a DBG conditional block).
- Syslog message more properly reflects either 0 or >1 results from the select.
- Comments for both my changes.
Since the patch is small, it follows.
I'd appreciate any and all comments if this might have a negative impact on my server.
Thanks!
Andrew.
567a568,577
> /*
> If an attacker has syslog access, the following may be an information
> leak, but for the admin, might stop some head scratching...
> */
> if (mysql_num_rows(result) == 0) {
> syslog(LOG_ERR, "%s", "pam_mysql: select returned zero results");
> mysql_free_result(result);
> return PAM_AUTH_ERR;
> }
>
1005a1016,1021
> /*
> I do not like seeing a LOG_ERR entry BEFORE
> the saving of a log entry. I consider this debug information.
> So be it..
> */
> #ifdef DEBUG
1006a1023
> #endif