Segfault in pam_unix module (patch attached)
Thorsten Kukuk
kukuk at suse.de
Tue Jul 26 06:29:00 UTC 2005
On Mon, Jul 25, Kelledin wrote:
> pam_unix from Linux-PAM-0.80 can segfault if compiled with -O2--most
> notably if a user wants to change his password and enters the wrong one
> in the preliminary check. This is apparently due to a missing check in
> modules/pam_unix/support.c; this segfaults at -O2 simply because the
> compiler doesn't initialize variables by default, and
> _unix_verify_password() assumes that a pointer will be NULL if
> pam_get_data() fails. The attached patch is one way to fix the problem.
>
> Though I must ask, how much testing do the PAM modules get at -O2? This
> could be just one latent bug of many, and that makes me edgy...
This has nothing to do with -O2 or not. That it only happens for you
with -O2 is pure luck (or missing of them). The compiler does not
initialize the variable without -O2 neither.
The only bug is, that the return value of pam_get_data is ignored.
Thorsten
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk at suse.de
SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
More information about the Pam-list
mailing list