pam_unix from Linux-PAM-0.80 can segfault if compiled with -O2--most
notably if a user wants to change his password and enters the wrong one
in the preliminary check. This is apparently due to a missing check in
modules/pam_unix/support.c; this segfaults at -O2 simply because the
compiler doesn't initialize variables by default, and
_unix_verify_password() assumes that a pointer will be NULL if
pam_get_data() fails. The attached patch is one way to fix the problem.
Though I must ask, how much testing do the PAM modules get at -O2? This
could be just one latent bug of many, and that makes me edgy...
--
Kelledin
"If a server crashes in a server farm and no one pings it, does it still
cost four figures to fix?"
diff -Naur Linux-PAM-0.80/modules/pam_unix/support.c Linux-PAM-0.80-pam_unix/modules/pam_unix/support.c
--- Linux-PAM-0.80/modules/pam_unix/support.c 2005-07-08 09:20:07.000000000 +0000
+++ Linux-PAM-0.80-pam_unix/modules/pam_unix/support.c 2005-07-25 19:49:54.000000000 +0000
@@ -815,7 +815,10 @@
new->name = x_strdup(login_name);
/* any previous failures for this user ? */
- pam_get_data(pamh, data_name, &void_old);
+ if (pam_get_data(pamh, data_name, &void_old)!=PAM_SUCCESS) {
+ void_old = NULL;
+ }
+
old = void_old;
if (old != NULL) {
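Review bot: The added check on pam_get_data() resets void_old only after the call has failed, so the safety of the "if (old != NULL)" test below still depends on this one branch; initializing void_old to NULL where it is declared (outside this hunk) would cover the same case with a smaller change and keep it covered if the call is later moved or duplicated. If the explicit return-code check stays, write "!= PAM_SUCCESS" with spaces to match the "old != NULL" line, and consider a short comment saying that a failed lookup is treated as "no previous failures for this user", since the error is otherwise discarded silently.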
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
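
The failure mode described in the message, as an added example that is not part of the original post and is not Linux-PAM code: a getter that leaves its out-pointer untouched on failure, and a caller that stays safe by initializing the pointer and checking the return code. All demo_* names and the sample store are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-ins for illustration; none of this is Linux-PAM code. */
enum { DEMO_SUCCESS = 0, DEMO_NO_DATA = 1 };
struct demo_failed_auth { int count; };
struct demo_entry { const char *name; const void *data; };
static const struct demo_failed_auth demo_alice = { 3 };
static const struct demo_entry demo_store[] = { { "fail-alice", &demo_alice } };

/* Getter with the contract the message describes: on a miss it returns an
 * error code and leaves *out exactly as the caller passed it in. */
static int demo_get_data(const char *name, const void **out)
{
    for (size_t i = 0; i < sizeof demo_store / sizeof demo_store[0]; i++) {
        if (strcmp(demo_store[i].name, name) == 0) {
            *out = demo_store[i].data;
            return DEMO_SUCCESS;
        }
    }
    return DEMO_NO_DATA;
}

/* Hardened caller: the out-pointer starts as NULL and the return code is
 * checked, so a miss can never reach the dereference below. */
static int demo_prior_failures(const char *name)
{
    const void *void_old = NULL;
    if (demo_get_data(name, &void_old) != DEMO_SUCCESS)
        void_old = NULL;
    const struct demo_failed_auth *old = void_old;
    return old != NULL ? old->count : 0;
}

/* What an unchecked caller is left holding after a miss. The sentinel stands
 * in for leftover stack contents; returns 1 if it survives the failed call. */
static int demo_miss_leaves_out_untouched(void)
{
    static const int sentinel = 0;
    const void *void_old = &sentinel;
    return demo_get_data("fail-bob", &void_old) == DEMO_NO_DATA
        && void_old == (const void *)&sentinel;
}

int main(void)
{
    printf("alice=%d bob=%d untouched=%d\n", demo_prior_failures("fail-alice"),
           demo_prior_failures("fail-bob"), demo_miss_leaves_out_untouched());
    return 0;
}
```

The sentinel check is the deterministic version of the crash: with an uninitialized local, the value that survives the failed call is whatever the optimizer left in that slot.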