[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Segfault in pam_unix module (patch attached)



On Mon, Jul 25, Kelledin wrote:

> pam_unix from Linux-PAM-0.80 can segfault if compiled with -O2--most 
> notably if a user wants to change his password and enters the wrong one 
> in the preliminary check.  This is apparently due to a missing check in 
> modules/pam_unix/support.c; this segfaults at -O2 simply because the 
> compiler doesn't initialize variables by default, and 
> _unix_verify_password() assumes that a pointer will be NULL if 
> pam_get_data() fails.  The attached patch is one way to fix the problem.
> 
> Though I must ask, how much testing do the PAM modules get at -O2?  This 
> could be just one latent bug of many, and that makes me edgy...

This has nothing to do with -O2 or not. That it only happens for you
with -O2 is pure luck (or missing of them). The compiler does not
initialize the variable without -O2 neither.

The only bug is, that the return value of pam_get_data is ignored.

  Thorsten

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk suse de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]