[tac_plus] Patch for a crash when using long commands

Thu Jul 31 20:07:43 UTC 2014

Tue, Jul 29, 2014 at 06:18:05PM +0200, Marc Dequenes:
> Coin,
> 
> Sorry for the delay. I've not been able to work more on the subject
> and the client is unwilling to give any information.
> 
> I still got the trace i made when looking for a solution, and as there
> is nothing sensitive i attached it here.
> 
> As i remember it the configuration was pretty simple but using PAM for
> AD authentication.
> 
> Sorry i could not help more.
> Regards.

> #0  0x00000037aaa30265 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
>         pid = <value optimized out>

	...

this helped.

I believe this will fix your problem.

Index: do_author.c
===================================================================

--- do_author.c	(revision 3652)
+++ do_author.c	(working copy)
@@ -354,7 +354,7 @@
 {
     while (*s != '\0' && *s != '=' && *s != '*')
 	s++;
-    if (*s == '\0')
+    if (*s != '\0')
 	return(++s);
     return(NULL);
 }
@@ -374,8 +374,11 @@
     len = 0;
     for (i = 0; i < data->num_in_args; i++) {
 	nas_arg = data->input_args[i];
-	if (strncmp(nas_arg, "cmd-arg", strlen("cmd-arg")) == 0)
-	    len += strlen(value(nas_arg)) + 1;
+	if (strncmp(nas_arg, "cmd-arg", strlen("cmd-arg")) == 0) {
+	    v = value(nas_arg);
+	    if (v != NULL)
+		len += strlen(v) + 1;
+	}
     }
 
     if (len <= 0) {
@@ -395,9 +398,12 @@
 	    free(buf);
 	    return(NULL);
 	}
-	strcat(buf, v);
-	if (i < (data->num_in_args - 1))
-	    strcat(buf, " ");
+	strncat(buf, v, len - 1);
+	len -= strlen(v);
+	if (i < (data->num_in_args - 1)) {
+	    strncat(buf, " ", len - 1);
+	    len -= 1;
+	}
     }
     return(buf);
 }

