Package: libpam-modules
Version: 0.79-4
Severity: normal
Tags: patch

When you are stupid enough to try to use pam_userdb.so without specifing a 
db=<database>
pam cases a segmentation fault.  I realise that the correct solution to this is
to have read the manual and do things correctly but we're not all perfect :-(

Attached is a patch (pam-patch-1) to check for this degenerate case, and log an 
error
instead of segfaulting.

This behaviour still appears to be the case in the latest version of the 
upstream pacakge
(untested, verified by a glance at the code).

Also, while debugging this issue I tried to set the debug and dump flags to 
this module,
and was for a mislead by the fact that it was logging junk at the end of the 
password 
string when logging, e.g:

 pam_userdb[17170]: Database dump:
 pam_userdb[17170]: key[len=6] = `XXXXXX', data[len=8] = `XXXXXXXhV<9A>DO+'
 pam_userdb[17170]: password in database is [0x5070d0]`XXXXXXXXV<9A>DO+', len 
is 8

(password and username have been replaced by X's). Attached is a patch 
(pam-patch-2) which
null terminates these strings before printing them.

aaron



*** /tmp/pam-patch-1
--- Linux-PAM/modules/pam_userdb/pam_userdb.c   2007-08-04 14:46:05.000000000 
+0000
+++ Linux-PAM/modules/pam_userdb/pam_userdb.c   2007-08-04 14:51:45.000000000 
+0000
@@ -123,6 +123,12 @@
     DBM *dbm;
     datum key, data;
 
+    /* Check database name is set */
+    if ( database == NULL ) {
+        _pam_log(LOG_ERR, "user_lookup: database not set (you need to give a 
db=... argument)");
+        return -2;
+    }
+
     /* Open the DB file. */
     dbm = dbm_open(database, O_RDONLY, 0644);
     if (dbm == NULL) {

*** /tmp/pam-patch-2
--- Linux-PAM/modules/pam_userdb/pam_userdb.c   2007-08-04 14:46:05.000000000 
+0000
+++ Linux-PAM/modules/pam_userdb/pam_userdb.c   2007-08-04 14:51:45.000000000 
+0000
@@ -137,6 +143,7 @@
        for (key = dbm_firstkey(dbm);  key.dptr != NULL;
             key = dbm_nextkey(dbm)) {
            data = dbm_fetch(dbm, key);
+           data.dptr[data.dsize] = '\0';
            _pam_log(LOG_INFO, "key[len=%d] = `%s', data[len=%d] = `%s'",
                     key.dsize, key.dptr, data.dsize, data.dptr);
        }
@@ -161,6 +168,7 @@
     }
 
     if (ctrl & PAM_DEBUG_ARG) {
+       data.dptr[data.dsize] = '\0';
        _pam_log(LOG_INFO, "password in database is [%p]`%s', len is %d",
                 data.dptr, (char *) data.dptr, data.dsize);
     }


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libpam-modules depends on:
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libcap1                     1:1.10-14    support for getting/setting POSIX.
ii  libdb4.3                    4.3.29-8     Berkeley v4.3 Database Libraries [
ii  libpam0g                    0.79-4       Pluggable Authentication Modules l
ii  libselinux1                 1.32-3       SELinux shared libraries

libpam-modules recommends no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to