https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893
Kubilay Kocak <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |mfc-stable13?, | |mfc-stable12? Keywords| |crash URL| |https://reviews.freebsd.org | |/D35169 Assignee|[email protected] |[email protected] Status|New |In Progress --- Comment #3 from Kubilay Kocak <[email protected]> --- The branch main has been updated by khng: URL: https://cgit.FreeBSD.org/src/commit/?id=b75e0eed345d2ab047a6b1b00a9a7c3bf92e992c commit b75e0eed345d2ab047a6b1b00a9a7c3bf92e992c Author: Yan Ka Chiu <[email protected]> AuthorDate: 2022-05-22 16:33:02 +0000 Commit: Ka Ho Ng <[email protected]> CommitDate: 2022-05-22 16:36:48 +0000 pam_exec: fix segfault when authtok is null According to pam_exec(8), the `expose_authtok` option should be ignored when the service function is `pam_sm_setcred`. Currently `pam_exec` only prevent prompt for anth token when `expose_authtok` is set on `pam_sm_setcred`. This subsequently led to segfault when there isn't an existing auth token available. Bug reported on this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893 After reading https://reviews.freebsd.org/rS349556 I am not sure if the default behaviour supposed to be simply not prompt for authentication token, or is it to ignore the option entirely as stated in the man page. This patch is therefore only adding an additional NULL check on the item `pam_get_item` provide, and exit with `PAM_SYSTEM_ERR` when such item is NULL. MFC after: 1 week Reviewed by: des, khng Differential Revision: https://reviews.freebsd.org/D35169 -- You are receiving this mail because: You are the assignee for the bug.
