Package: libpam-ccreds
Version: 8-1
Severity: minor
The cc_test program crashes when using - as the password. This is the
usage information which made me test with -:
Usage: cc_test [-validate|-store|-update] [service] [user] [password]
[ccredsfile]
where service may be "any"
where password may be "-" to delete a user
Here is a test run in valgrind using
"cc_test -store any pre - /tmp/foo"
==851== Memcheck, a memory error detector.
==851== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==851== Using LibVEX rev 1658, a library for dynamic binary translation.
==851== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==851== Using valgrind-3.2.1-Debian, a dynamic binary instrumentation framework.
==851== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==851== For more details, rerun with: -v
==851==
==851== Invalid read of size 1
==851== at 0x401E208: strlen (mc_replace_strmem.c:246)
==851== by 0x80489E9: main (cc_test.c:68)
==851== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==851==
==851== Process terminating with default action of signal 11 (SIGSEGV)
==851== Access not within mapped region at address 0x0
==851== at 0x401E208: strlen (mc_replace_strmem.c:246)
==851== by 0x80489E9: main (cc_test.c:68)
==851==
==851== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 27 from 1)
==851== malloc/free: in use at exit: 93,442 bytes in 39 blocks.
==851== malloc/free: 48 allocs, 9 frees, 94,648 bytes allocated.
==851== For counts of detected errors, rerun with: -v
==851== searching for pointers to 39 not-freed blocks.
==851== checked 137,304 bytes.
==851==
==851== LEAK SUMMARY:
==851== definitely lost: 4,142 bytes in 1 blocks.
==851== possibly lost: 86,255 bytes in 10 blocks.
==851== still reachable: 3,045 bytes in 28 blocks.
==851== suppressed: 0 bytes in 0 blocks.
==851== Use --leak-check=full to see details of leaked memory.
Segmentation fault
The problem is strlen(NULL) called in this block:
if (strcmp(action, "-validate") == 0) {
rc = pam_cc_validate_credentials(pamcch, PAM_CC_TYPE_DEFAULT,
password, strlen(password));
function = "pam_cc_validate_credentials";
} else if (strcmp(action, "-store") == 0) {
rc = pam_cc_store_credentials(pamcch, PAM_CC_TYPE_DEFAULT,
password, strlen(password));
function = "pam_cc_store_credentials";
} else if (strcmp(action, "-update") == 0) {
rc = pam_cc_delete_credentials(pamcch, PAM_CC_TYPE_DEFAULT,
password,
(password == NULL) ? 0 :
strlen(password));
function = "pam_cc_delete_credentials";
Happy hacking,
--
Petter Reinholdtsen
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
