Bug#238478: marked as done (libpam-mysql: 29 Character Limit in the Password)

[Debian Bug Tracking System]

Your message dated Mon, 26 Jan 2009 08:32:21 +0000
with message-id <e1lrmtj-0003mz...@ries.debian.org>
and subject line Bug#238478: fixed in pam-mysql 0.7~RC1-3
has caused the Debian Bug report #238478,
regarding libpam-mysql: 29 Character Limit in the Password
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
238478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=238478
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libpam-mysql
Version: 0.4.7-1
Severity: normal

Maintainer, our admins came acrossed this today.

We use cyrus with authentication via pam (mysql).  After some discussions with 
the cyrus maintainer early in the debugging process we concluded this was 
probably a bug in this package.  After finding the cause (later), I believe 
that the bug is in libpam-mysql.

We found that if the password value is longer than 29 characters, pam will 
cause a Segemntation fault.  There should be some kind of warning or limit to 
prevent this from happening.

Backtrace:
#0  0x400ffc1b in free () from /lib/libc.so.6
#1  0x400ffaa3 in free () from /lib/libc.so.6
#2  0x401b2204 in db_connect () from /lib/security/pam_mysql.so
#3  0x401b291f in pam_sm_authenticate () from /lib/security/pam_mysql.so
#4  0x40088a36 in pam_fail_delay () from /lib/libpam.so.0
#5  0x40088ce4 in _pam_dispatch () from /lib/libpam.so.0
#6  0x4008a5ce in pam_authenticate () from /lib/libpam.so.0
#7  0x0804906e in strcpy ()
#8  0x08048e40 in strcpy ()
#9  0x08048d2f in strcpy ()
#10 0x400aa14f in __libc_start_main () from /lib/libc.so.6

If theres any more information that would be helpful, please let me know.

Thank you,

Matthew Walkup
G Force Hosting

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux a-mail 2.4.18-mss #1 SMP Wed Oct 8 07:32:35 PDT 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages libpam-mysql depends on:
ii  libc6                 2.2.5-11.5         GNU C Library: Shared libraries an
ii  libmysqlclient10      3.23.54a-0.woody.5 mysql database client library

--- End Message ---

--- Begin Message ---

Source: pam-mysql
Source-Version: 0.7~RC1-3

We believe that the bug you reported is fixed in the latest version of
pam-mysql, which is due to be installed in the Debian FTP archive:

libpam-mysql_0.7~RC1-3_i386.deb
  to pool/main/p/pam-mysql/libpam-mysql_0.7~RC1-3_i386.deb
pam-mysql_0.7~RC1-3.diff.gz
  to pool/main/p/pam-mysql/pam-mysql_0.7~RC1-3.diff.gz
pam-mysql_0.7~RC1-3.dsc
  to pool/main/p/pam-mysql/pam-mysql_0.7~RC1-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 238...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Bahner <bah...@debian.org> (supplier of updated pam-mysql package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 26 Jan 2009 08:36:06 +0100
Source: pam-mysql
Binary: libpam-mysql
Architecture: source i386
Version: 0.7~RC1-3
Distribution: experimental
Urgency: low
Maintainer: Paweł Więcek <co...@debian.org>
Changed-By: Lars Bahner <bah...@debian.org>
Description: 
 libpam-mysql - PAM module allowing authentication from a MySQL server
Closes: 238478 367535 368653 490772
Changes: 
 pam-mysql (0.7~RC1-3) experimental; urgency=low
 .
   * debconf
   * more cleanup
   * added -f switch to rm in rules (closes: #490772)
   * New version fixes bugs (closes: #367535, #368653, #238478)
Checksums-Sha1: 
 48231914344071e949ae782764a67b3e10d7e183 1077 pam-mysql_0.7~RC1-3.dsc
 031698222cea0f42d6510ac195fdb8f9517de5d8 4315 pam-mysql_0.7~RC1-3.diff.gz
 70ddca7dc3b711e05503f39c9b80d1ec0ea8ca78 33248 libpam-mysql_0.7~RC1-3_i386.deb
Checksums-Sha256: 
 6dbd6a74d751c618597c4ca2819750260a001817c0b4ba74d5472f3581f92db9 1077 
pam-mysql_0.7~RC1-3.dsc
 f0c30656095f27cce1153b41e303098505df19762b73ddde2065de8204fac8ed 4315 
pam-mysql_0.7~RC1-3.diff.gz
 411fadb62d1b9e872d25d0d106ce00dacbe4244fa31588b28a5fd6e7569a5679 33248 
libpam-mysql_0.7~RC1-3_i386.deb
Files: 
 81cae625b35f6622fe2471649394f220 1077 admin extra pam-mysql_0.7~RC1-3.dsc
 c6621d26e24381365889e0221d6347d6 4315 admin extra pam-mysql_0.7~RC1-3.diff.gz
 be72b96fffa9442c73fdcc974c64a3b2 33248 admin extra 
libpam-mysql_0.7~RC1-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkl9ah0ACgkQmXJ8FFTsuK/TSQCgsb0ZwNObqEcjkjnT+yniTgsA
wX0An0Tuj3TvNiQR396gQ+3QQwD+peFg
=mK1v
-----END PGP SIGNATURE-----

--- End Message ---