[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Segfault in pam_unix module (patch attached)



pam_unix from Linux-PAM-0.80 can segfault if compiled with -O2--most notably if a user wants to change his password and enters the wrong one in the preliminary check. This is apparently due to a missing check in modules/pam_unix/support.c; this segfaults at -O2 simply because the compiler doesn't initialize variables by default, and _unix_verify_password() assumes that a pointer will be NULL if pam_get_data() fails. The attached patch is one way to fix the problem.

Though I must ask, how much testing do the PAM modules get at -O2? This could be just one latent bug of many, and that makes me edgy...

--
Kelledin
"If a server crashes in a server farm and no one pings it, does it still cost four figures to fix?"
diff -Naur Linux-PAM-0.80/modules/pam_unix/support.c Linux-PAM-0.80-pam_unix/modules/pam_unix/support.c
--- Linux-PAM-0.80/modules/pam_unix/support.c	2005-07-08 09:20:07.000000000 +0000
+++ Linux-PAM-0.80-pam_unix/modules/pam_unix/support.c	2005-07-25 19:49:54.000000000 +0000
@@ -815,7 +815,10 @@
 				new->name = x_strdup(login_name);
 
 				/* any previous failures for this user ? */
-				pam_get_data(pamh, data_name, &void_old);
+				if (pam_get_data(pamh, data_name, &void_old)!=PAM_SUCCESS) {
+					void_old = NULL;
+				}
+
 				old = void_old;
 
 				if (old != NULL) {

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]