Bug#657524: libpam-yubico: segfaults on the failed second challenge-responses

Thu, 26 Jan 2012 11:51:23 -0800 

Package: libpam-yubico
Version: 2.10-1
Severity: important
Tags: upstream patch

I use a Yubikey 2.2.4 with libpam-yubico for challenge-response authentication.
The authentication requires two phases of challenges-responses. I set the
Yubikey to wait for key press before answering the challenges. Sometimes when I
press the key too long at the first phase, it segfaults like this instead of a
simple failure:

    *** glibc detected *** sudo: double free or corruption (out): 
0x000000000138efc0 ***
    ======= Backtrace: =========
    /lib/x86_64-linux-gnu/libc.so.6(+0x72656)[0x7fc05233f656]
    /lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7fc05234438c]
    /lib/x86_64-linux-gnu/libc.so.6(fclose+0x14d)[0x7fc0523305ad]
    /lib/security/pam_yubico.so(pam_sm_authenticate+0xb1e)[0x7fc050fdfb0e]
    /lib/x86_64-linux-gnu/libpam.so.0(+0x31f5)[0x7fc0511e71f5]
    /lib/x86_64-linux-gnu/libpam.so.0(pam_authenticate+0x38)[0x7fc0511e6a78]
    /usr/lib/sudo/sudoers.so(+0x6442)[0x7fc0513f8442]
    /usr/lib/sudo/sudoers.so(+0x5d34)[0x7fc0513f7d34]
    ...

The following working patch clearly shows the problem.

diff -ru5p yubico-pam-2.10.orig/pam_yubico.c yubico-pam-2.10/pam_yubico.c
--- yubico-pam-2.10.orig/pam_yubico.c   2011-12-13 23:54:55.000000000 +0800
+++ yubico-pam-2.10/pam_yubico.c        2012-01-27 01:36:41.139640251 +0800
@@ -524,10 +524,11 @@ do_challenge_response(pam_handle_t *pamh

   if (fclose(f) < 0) {
     f = NULL;
     goto out;
   }
+  f = NULL;

   if (restore_privileges(pamh) < 0) {
       DBG (("could not restore privileges"));
       goto out;
   }
   ...
 out:
   ...
   if (f)
     fclose(f);

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-yubico depends on:
ii  debconf [debconf-2.0]  1.5.41
ii  libc6                  2.13-24
ii  libldap-2.4-2          2.4.28-1.1
ii  libpam-runtime         1.1.3-6
ii  libpam0g               1.1.3-6
ii  libykclient3           2.6-1
ii  libykpers-1-1          1.6.3-1
ii  libyubikey0            1.7-1

libpam-yubico recommends no packages.

libpam-yubico suggests no packages.

-- debconf information excluded



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to