On Mon, Jul 25, Kelledin wrote:

> pam_unix from Linux-PAM-0.80 can segfault if compiled with -O2--most
> notably if a user wants to change his password and enters the wrong one
> in the preliminary check. This is apparently due to a missing check in
> modules/pam_unix/support.c; this segfaults at -O2 simply because the
> compiler doesn't initialize variables by default, and
> _unix_verify_password() assumes that a pointer will be NULL if
> pam_get_data() fails. The attached patch is one way to fix the problem.
>
> Though I must ask, how much testing do the PAM modules get at -O2? This
> could be just one latent bug of many, and that makes me edgy...

This has nothing to do with -O2 or not. That it only happens for you
with -O2 is pure luck (or the lack of it). The compiler does not
initialize the variable without -O2 either. The only bug is that the
return value of pam_get_data is ignored.

  Thorsten

--
Thorsten Kukuk       http://www.suse.de/~kukuk/       kukuk@xxxxxxx
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list