Bug#510990: marked as done (segfault caused by libpam-mount clobbers cron for encrypted home directories)

Wed, 07 Jan 2009 03:43:29 -0800 

Your message dated Wed, 07 Jan 2009 11:17:10 +0000
with message-id <[email protected]>
and subject line Bug#510990: fixed in libpam-mount 1.8-1
has caused the Debian Bug report #510990,
regarding segfault caused by libpam-mount clobbers cron for encrypted home 
directories
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
510990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510990
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libpam-mount
Version: 0.44-1+lenny3
Severity: important
Tags: patch


Per cron bug 484122 some (all?) users who are mounting their encrypted home 
directory with libpam-mount have been seeing a constant stream of segfaults 
in cron. Cron has been rendered useless in this environment.

strace and ltrace did not yield any interesting results so I have used gdb 
to localize the problem and propose a solution.

This patch seems to fix the problem for me:

----------------

diff --git a/src/pam_mount.c b/src/pam_mount.c
index 211a996..b86cd05 100644
--- a/src/pam_mount.c
+++ b/src/pam_mount.c
@@ -156,7 +156,7 @@ static int converse(pam_handle_t *pamh, int nargs,
        retval = pam_get_item(pamh, PAM_CONV, static_cast(const void **,
                 static_cast(void *, &conv)));
 
-       if (retval == PAM_SUCCESS) {
+       if (retval == PAM_SUCCESS && *resp != NULL) {
                retval = conv->conv(nargs, message, resp, 
conv->appdata_ptr);
                if (retval != PAM_SUCCESS)
                        l0g("conv->conv(...): %s\n", pam_strerror(pamh, 
retval));

----------------

There is another call to pam_get_item on line 270 of the same file which was 
suggestive of the necessary fix. Not understanding the software fully, I 
made the above minimal change, and it seems to be sufficient, though I 
continue to run with it and test.

This is my first patch submission to Debian, and I am treading in software 
that I do not really understand, so following is a verbose transcript of my 
gdb session:

(gdb) attach 3489
Attaching to process 3489
Reading symbols from /usr/sbin/cron...done.
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libselinux.so.1...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/i686/cmov/libc.so.6...done.
Loaded symbols for /lib/i686/cmov/libc.so.6
Reading symbols from /lib/i686/cmov/libdl.so.2...done.
Loaded symbols for /lib/i686/cmov/libdl.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/i686/cmov/libnss_compat.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_compat.so.2
Reading symbols from /lib/i686/cmov/libnsl.so.1...done.
Loaded symbols for /lib/i686/cmov/libnsl.so.1
Reading symbols from /lib/i686/cmov/libnss_nis.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_nis.so.2
Reading symbols from /lib/i686/cmov/libnss_files.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_files.so.2
0xb7f5e424 in __kernel_vsyscall ()
(gdb) set follow-fork-mode child
(gdb) cont
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to process 19892]
0x00000000 in ?? ()
(gdb) 

(gdb) info frame 0
Stack frame at 0xbfba1aa0:
 eip = 0x0; saved eip 0xb7b4cda1
 called by frame at 0xbfba1af0
 Arglist at 0xbfba1a98, args: 
 Locals at 0xbfba1a98, Previous frame's sp is 0xbfba1aa0
 Saved registers:
  eip at 0xbfba1a9c

(gdb) up
#1  0xb7b4cda1 in read_password (pamh=0x8841b00, 
    prompt=0x8846278 "reenter password for pam_mount:", pass=0xbfba1b38)
    at pam_mount.c:160
160                     retval = conv->conv(nargs, message, resp, 
conv->appdata_ptr);

(gdb) up
#2  0xb7b4ddf3 in pam_sm_open_session (pamh=0x8841b00, flags=32768, argc=1, 
    argv=0x8843ce0) at pam_mount.c:511
511                     ret = read_password(pamh, Config.msg_sessionpw, 
&system_authtok);

(gdb) up
#3  0xb7f693c1 in _pam_dispatch (pamh=0x8841b00, flags=32768, choice=4)
    at pam_dispatch.c:108
108                 retval = h->func(pamh, flags, h->argc, h->argv);

(gdb) up
#4  0xb7f6cfeb in pam_open_session (pamh=0x8841be8, flags=32768)
    at pam_session.c:23
23          retval = _pam_dispatch(pamh, flags, PAM_OPEN_SESSION);

(gdb) up
#5  0x0804e848 in child_process (e=0x88418f8, u=0x88418d8) at 
.../do_command.c:228
228             retcode = pam_open_session(pamh, PAM_SILENT);

(gdb) up
#6  0x0804e36d in do_command (e=0x88418f8, u=0x88418d8) at 
.../do_command.c:102
102                     child_process(e, u);

(gdb) up
#7  0x0804e1e3 in job_runqueue () at ../job.c:68
68                      do_command(j->e, j->u);

(gdb) up
#8  0x0804a777 in main (argc=142875624, argv=0x0) at ../cron.c:270
270                     job_runqueue();

(gdb) up
Initial frame selected; you cannot go up.

(gdb) frame 0
#0  0x00000000 in ?? ()

(gdb) up
#1  0xb7b4cda1 in read_password (pamh=0x8841b00, 
    prompt=0x8846278 "reenter password for pam_mount:", pass=0xbfba1b38)
    at pam_mount.c:160
160                     retval = conv->conv(nargs, message, resp, 
conv->appdata_ptr);

(gdb) list
155             *resp = NULL;
156             retval = pam_get_item(pamh, PAM_CONV, static_cast(const void 
**,
157                      static_cast(void *, &conv)));
158
159             if (retval == PAM_SUCCESS) {
160                     retval = conv->conv(nargs, message, resp, 
conv->appdata_ptr);
161                     if (retval != PAM_SUCCESS)
162                             l0g("conv->conv(...): %s\n", 
pam_strerror(pamh, retval));
163             } else {
164                     l0g("pam_get_item: %s\n", pam_strerror(pamh, 
retval));
(gdb) 

(gdb) print *resp
Cannot access memory at address 0x0

(gdb) print resp
$3 = (struct pam_response *) 0x0
(gdb) 

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-mount depends on:
ii  debconf                    1.5.24        Debian configuration management sy
ii  libc6                      2.7-16        GNU C Library: Shared libraries
ii  libhx13                    1.18-1        A library providing queue, tree, I
ii  libpam0g                   1.0.1-4       Pluggable Authentication Modules l
ii  libssl0.9.8                0.9.8g-14     SSL shared libraries
ii  libxml-writer-perl         0.604-1       Perl module for writing XML docume
ii  libxml2                    2.6.32.dfsg-5 GNOME XML library
ii  mount                      2.13.1.1-1    Tools for mounting and manipulatin

libpam-mount recommends no packages.

Versions of packages libpam-mount suggests:
ii  cryptsetup                 2:1.0.6-7     configures encrypted block devices
pn  davfs2                     <none>        (no description available)
ii  fuse-utils                 2.7.4-1.1     Filesystem in USErspace (utilities
ii  lsof                       4.78.dfsg.1-4 List open files
pn  ncpfs                      <none>        (no description available)
ii  openssl                    0.9.8g-14     Secure Socket Layer (SSL) binary a
ii  psmisc                     22.6-1        Utilities that use the proc filesy
pn  smbfs                      <none>        (no description available)
pn  truecrypt-utils            <none>        (no description available)

-- debconf information:
* libpam-mount/convert-xml-config: true

diff --git a/src/pam_mount.c b/src/pam_mount.c
index 211a996..b86cd05 100644
--- a/src/pam_mount.c
+++ b/src/pam_mount.c
@@ -156,7 +156,7 @@ static int converse(pam_handle_t *pamh, int nargs,
 	retval = pam_get_item(pamh, PAM_CONV, static_cast(const void **,
 	         static_cast(void *, &conv)));
 
-	if (retval == PAM_SUCCESS) {
+	if (retval == PAM_SUCCESS && *resp != NULL) {
 		retval = conv->conv(nargs, message, resp, conv->appdata_ptr);
 		if (retval != PAM_SUCCESS)
 			l0g("conv->conv(...): %s\n", pam_strerror(pamh, retval));

--- End Message ---
--- Begin Message --- 
Source: libpam-mount
Source-Version: 1.8-1

We believe that the bug you reported is fixed in the latest version of
libpam-mount, which is due to be installed in the Debian FTP archive:

libpam-mount_1.8-1.diff.gz
  to pool/main/libp/libpam-mount/libpam-mount_1.8-1.diff.gz
libpam-mount_1.8-1.dsc
  to pool/main/libp/libpam-mount/libpam-mount_1.8-1.dsc
libpam-mount_1.8-1_amd64.deb
  to pool/main/libp/libpam-mount/libpam-mount_1.8-1_amd64.deb
libpam-mount_1.8.orig.tar.gz
  to pool/main/libp/libpam-mount/libpam-mount_1.8.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Kleineidam <[email protected]> (supplier of updated libpam-mount 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 07 Jan 2009 10:12:37 +0100
Source: libpam-mount
Binary: libpam-mount
Architecture: source amd64
Version: 1.8-1
Distribution: unstable
Urgency: low
Maintainer: Bastian Kleineidam <[email protected]>
Changed-By: Bastian Kleineidam <[email protected]>
Description: 
 libpam-mount - PAM module that can mount volumes for a user session
Closes: 509233 510990
Changes: 
 libpam-mount (1.8-1) unstable; urgency=low
 .
   * New upstream release.
     - Fixes segfault when used in cron environments (Closes: #510990)
   * Removed use_first_pass from common-pammount (Closes: #509233)
Checksums-Sha1: 
 658b821d8e3e8c2362b773ebd5cfe8d2e12b47b7 1213 libpam-mount_1.8-1.dsc
 973fe0a1b586a1d001ca35459f71bf2ad19a750b 399699 libpam-mount_1.8.orig.tar.gz
 11b57988148772f94037921314d332021e864068 20937 libpam-mount_1.8-1.diff.gz
 3e6f0e92c5a2bfafadc81d520576759b3b52f85e 126094 libpam-mount_1.8-1_amd64.deb
Checksums-Sha256: 
 ee400b4f8bdee4faa4fcc4b18c85c194bf6dad8029693b825dedd0ba2e2a6493 1213 
libpam-mount_1.8-1.dsc
 541ab0dbb13383c376d29889f0391dcbfdba1660df4b938fa5f9c13db5bd18c6 399699 
libpam-mount_1.8.orig.tar.gz
 c34cc69a3ce377cc4cfecdeecca38fc64c81c650848e80fecf776e089c6582a0 20937 
libpam-mount_1.8-1.diff.gz
 99c1f1f48f4627750ee5b94adc119f8201ffc9c2f8479e1a4a1dea9ad010c05d 126094 
libpam-mount_1.8-1_amd64.deb
Files: 
 146f241f11cd26358bed6a2f66f66d06 1213 admin extra libpam-mount_1.8-1.dsc
 6cfe578f6335beef0767937607ed1a91 399699 admin extra 
libpam-mount_1.8.orig.tar.gz
 1182d9f897b39dfed42bd5d63161fe4d 20937 admin extra libpam-mount_1.8-1.diff.gz
 638dd5f3d4632b456c963d9bface8e8f 126094 admin extra 
libpam-mount_1.8-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklkdZ4ACgkQeBwlBDLsbz5pjQCglFECOcybVC3uCILCftfgxHGv
IxYAoI4HrULW/NfZ/25eaJbSpY850K8A
=RwAU
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to