From a24058d660aa3a9e29dfbbf4befde1597aa0835b Mon Sep 17 00:00:00 2001
From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Wed, 15 Apr 2009 17:50:17 +0000
Subject: [PATCH] 	* NEWS, srclib/getlong.c: Fix parsing of octal
 numbers.

	* NEWS, src/login.c: Fix segfault when no user is provided on the
	command line.
---
 ChangeLog     |  9 +++++++++
 NEWS          | 10 +++++++++-
 lib/getlong.c |  9 ++++++++-
 src/login.c   |  2 +-
 4 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a8e15f5f..0f9824b4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2009-04-15  Peter Vrabec <pvrabec@redhat.com>
+
+	* NEWS, srclib/getlong.c: Fix parsing of octal numbers.
+
+2009-04-15  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, src/login.c: Fix segfault when no user is provided on the
+	command line.
+
 2009-04-15  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* README, libmisc/system.c: Was contributed by Dan Walsh.
diff --git a/NEWS b/NEWS
index 8f96308d..4067c818 100644
--- a/NEWS
+++ b/NEWS
@@ -1,11 +1,19 @@
 $Id$
 
-shadow-4.1.3 -> shadow-4.1.3.1						UNRELEASED
+shadow-4.1.3 -> shadow-4.1.3.1						2009-04-15
 
+*** security:
+- Due to bad parsing of octal permissions, the permissions on tty (login)
+  but also home directories, mailboxes, or UMASK were set wrongly (and
+  weirdly). Only shadow-4.1.3 was affected.
+
+*** general
 - vipw
   * SE Linux: Set the default context to the context of the file being
     edited. This ensures that the backup file inherit from the file's
     context.
+- login
+  * Fix regression when no user is specified on the command line.
 
 shadow-4.1.2.2 -> shadow-4.1.3						2009-04-12
 
diff --git a/lib/getlong.c b/lib/getlong.c
index 7f4c7d7c..d1820847 100644
--- a/lib/getlong.c
+++ b/lib/getlong.c
@@ -35,13 +35,20 @@
 #include <errno.h>
 #include "prototypes.h"
 
+/*
+ * getlong - extract a long integer provided by the numstr string in *result
+ *
+ * It supports decimal, hexadecimal or octal representations.
+ *
+ * Returns 0 on failure, 1 on success.
+ */
 int getlong (const char *numstr, long int *result)
 {
 	long val;
 	char *endptr;
 
 	errno = 0;
-	val = strtol (numstr, &endptr, 10);
+	val = strtol (numstr, &endptr, 0);
 	if (('\0' == numstr) || ('\0' != *endptr) || (ERANGE == errno)) {
 		return 0;
 	}
diff --git a/src/login.c b/src/login.c
index 39a0cc80..2ba452aa 100644
--- a/src/login.c
+++ b/src/login.c
@@ -682,7 +682,7 @@ int main (int argc, char **argv)
 		   set it to NULL */
 		retcode = pam_get_item (pamh, PAM_USER, (const void **)ptr_pam_user);
 		PAM_FAIL_CHECK;
-		if (pam_user[0] == '\0') {
+		if ((NULL != pam_user) && ('\0' == pam_user[0])) {
 			retcode = pam_set_item (pamh, PAM_USER, NULL);
 			PAM_FAIL_CHECK;
 		}