Subject: libpam-modules: pam_tally segfaults
Package: libpam-modules
Version: 0.79-3
Severity: important

With this in /etc/pam.d/common-account:

account required        pam_tally.so

and this in /etc/pam.d/common-auth:

auth    required        pam_tally.so onerr=fail deny=5

ftp and console logins fail, su doesn't work, and sudo fails if it has to
ask for a password, as the calling process segfaults inside pam_tally's
pam_sm_setcred() function.

Without the account phase, there's no segfault, but the tally is not
reset after a successful ssh login, or after authenticating for sudo.

What appears to be happening is that tally_set_data() is called from
pam_sm_authenticate(), then tally_get_data() is called from
pam_sm_acct_mgmt(), and again from pam_sm_setcred().  tally_get_data() sets
the data pointer to NULL, so when the second call blindly dereferences
the pointer it gets back from pam_get_data(), it segfaults.

This trivial patch appears to fix it for me, and the resulting
pam_tally.so binary has the desired behaviour for every type of login I
can be bothered checking.

--- pam-0.79/Linux-PAM/modules/pam_tally/pam_tally.c    2006-01-10 
16:35:32.000000000 +1000
+++ pam-0.79.fix/Linux-PAM/modules/pam_tally/pam_tally.c        2006-01-10 
16:29:01.000000000 +1000
@@ -268,7 +268,7 @@
     const void *data;
 
     rv = pam_get_data(pamh, MODULE_NAME, &data);
-    if ( rv == PAM_SUCCESS && oldtime != NULL ) {
+    if ( rv == PAM_SUCCESS && oldtime != NULL && data != NULL ) {
       *oldtime = *(const time_t *)data;
       pam_set_data(pamh, MODULE_NAME, NULL, NULL);
     }
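Review bot: the added `data != NULL` test in the condition stops the crash, but when it fails the function now falls through without writing `*oldtime`, so the second caller (pam_sm_setcred() per the report) continues with whatever value its variable already held. Consider an else branch that sets `*oldtime` to a defined value such as 0, or a distinct return code for "no stored time", and add a short comment noting that the NULL comes from the `pam_set_data(pamh, MODULE_NAME, NULL, NULL)` call two lines below, which clears the pointer after the first read.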


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libpam-modules depends on:
ii  libc6                         2.3.5-11   GNU C Library: Shared libraries an
ii  libcap1                       1:1.10-14  support for getting/setting POSIX.
ii  libdb4.3                      4.3.29-3   Berkeley v4.3 Database Libraries [
ii  libpam0g                      0.79-3     Pluggable Authentication Modules l
ii  libselinux1                   1.28-2     SELinux shared libraries

libpam-modules recommends no packages.

-- no debconf information
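
An added example, not part of the original report or of pam_tally: a minimal C model of the call sequence described above (authenticate stores the time, the account and setcred phases each read it), using the patched NULL check. The `mock_*` functions, `get_time_once` and `replay_session` are hypothetical stand-ins for the PAM data API, and the timestamp is a constructed value.

```c
#include <stddef.h>
#include <time.h>

/* Hypothetical stand-ins for the PAM handle's per-module data slot. They
 * model only what the report describes: storing NULL keeps the entry, so a
 * later lookup still succeeds but hands back a NULL pointer. */
enum { MOCK_SUCCESS = 0, MOCK_NO_DATA = 1 };
struct mock_handle { int present; const void *data; };

static int mock_set_data(struct mock_handle *h, const void *data) {
    h->present = 1;
    h->data = data;
    return MOCK_SUCCESS;
}

static int mock_get_data(const struct mock_handle *h, const void **out) {
    if (!h->present) return MOCK_NO_DATA;
    *out = h->data;
    return MOCK_SUCCESS;
}

/* Same shape as the patched tally_get_data(): read the stored time once,
 * then clear it. Returns 1 if a value was read, 0 if *oldtime is untouched. */
static int get_time_once(struct mock_handle *h, time_t *oldtime) {
    const void *data = NULL;
    int rv = mock_get_data(h, &data);
    if (rv == MOCK_SUCCESS && oldtime != NULL && data != NULL) {
        *oldtime = *(const time_t *)data;
        mock_set_data(h, NULL);  /* value cleared, entry remains */
        return 1;
    }
    return 0;
}

/* Replays the call order from the report. Returns a bitmask of which reads
 * produced a value: bit 0 = account phase, bit 1 = setcred phase. */
static int replay_session(time_t *acct_seen, time_t *setcred_seen) {
    struct mock_handle h = {0, NULL};
    time_t stored = (time_t)1136874932;          /* constructed sample */
    mock_set_data(&h, &stored);                  /* pam_sm_authenticate */
    int a = get_time_once(&h, acct_seen);        /* pam_sm_acct_mgmt */
    int b = get_time_once(&h, setcred_seen);     /* pam_sm_setcred */
    return a | (b << 1);
}

int main(void) {
    time_t t1 = 0, t2 = 0;
    return replay_session(&t1, &t2) == 1 ? 0 : 1;
}
```

Removing `data != NULL` from the condition in `get_time_once` makes the second read dereference NULL, which is the crash the report describes.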


