Segfault in pam_unix module (patch attached)
Kelledin
kelledin+PAM at skarpsey.dyndns.org
Mon Jul 25 20:27:45 UTC 2005
pam_unix from Linux-PAM-0.80 can segfault if compiled with -O2--most
notably if a user wants to change his password and enters the wrong one
in the preliminary check. This is apparently due to a missing check in
modules/pam_unix/support.c; this segfaults at -O2 simply because the
compiler doesn't initialize variables by default, and
_unix_verify_password() assumes that a pointer will be NULL if
pam_get_data() fails. The attached patch is one way to fix the problem.
Though I must ask, how much testing do the PAM modules get at -O2? This
could be just one latent bug of many, and that makes me edgy...
--
Kelledin
"If a server crashes in a server farm and no one pings it, does it still
cost four figures to fix?"
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pam_unix.patch
URL: <http://listman.redhat.com/archives/pam-list/attachments/20050725/af10cf5f/attachment.ksh>
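The bug class the message describes, as an added example: this is not the attached patch (which is not reproduced on this page) and not Linux-PAM code. `demo_get_data`, `struct failed_auth` and the key names are hypothetical stand-ins, and the getter is assumed to leave its out-parameter untouched on failure.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_SUCCESS 0
#define DEMO_NO_DATA 1

struct failed_auth { int count; };      /* hypothetical module data record */

/* Stand-in for a pam_get_data()-style getter (assumption): on failure it
 * returns an error code and leaves *out untouched. */
static int demo_get_data(const char *name, const void **out)
{
    static const struct failed_auth stored = { 3 };
    if (strcmp(name, "known-key") != 0)
        return DEMO_NO_DATA;
    *out = &stored;
    return DEMO_SUCCESS;
}

/* Constructed stale value: stands in for whatever an uninitialized stack
 * slot happens to hold. A real stale pointer is usually not dereferenceable. */
static const struct failed_auth stale_slot = { -1 };

/* Flawed pattern: return code ignored, NULL test trusted on its own. */
int flawed_failure_count(const char *name)
{
    const void *old = &stale_slot;      /* simulates "never initialized" */
    demo_get_data(name, &old);
    if (old != NULL)                    /* passes even though lookup failed */
        return ((const struct failed_auth *)old)->count;
    return 0;
}

/* Hardened pattern: initialize to NULL and check the return code first. */
int checked_failure_count(const char *name)
{
    const void *old = NULL;
    if (demo_get_data(name, &old) != DEMO_SUCCESS || old == NULL)
        return 0;
    return ((const struct failed_auth *)old)->count;
}

int main(void)
{
    printf("flawed:  %d\n", flawed_failure_count("missing-key"));
    printf("checked: %d\n", checked_failure_count("missing-key"));
    return 0;
}
```

Building with `-Wall -Wextra` and running the test suite under Valgrind or MemorySanitizer at the optimization level that ships is one way to surface this class of latent bug before release.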