Package: libpam-mount
Version: 0.44-1+lenny3
Severity: important
Tags: patch

Per cron bug 484122 some (all?) users who are mounting their encrypted home directory with libpam-mount have been seeing a constant stream of segfaults in cron. Cron has been rendered useless in this environment. strace and ltrace did not yield any interesting results so I have used gdb to localize the problem and propose a solution. This patch seems to fix the problem for me: ---------------- diff --git a/src/pam_mount.c b/src/pam_mount.c index 211a996..b86cd05 100644 --- a/src/pam_mount.c +++ b/src/pam_mount.c 
@@ -156,7 +156,7 @@ static int converse(pam_handle_t *pamh, int nargs, retval = pam_get_item(pamh, PAM_CONV, static_cast(const void **, static_cast(void *, &conv))); - if (retval == PAM_SUCCESS) { + if (retval == PAM_SUCCESS && *resp != NULL) { retval = conv->conv(nargs, message, resp, conv->appdata_ptr); if (retval != PAM_SUCCESS) l0g("conv->conv(...): %s\n", pam_strerror(pamh, retval));
----------------

There is another call to pam_get_item on line 270 of the same file which was suggestive of the necessary fix. Not understanding the software fully, I made the above minimal change, and it seems to be sufficient, though I continue to run with it and test.

This is my first patch submission to Debian, and I am treading in software that I do not really understand, so following is a verbose transcript of my gdb session:

(gdb) attach 3489
Attaching to process 3489
Reading symbols from /usr/sbin/cron...done.
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libselinux.so.1...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/i686/cmov/libc.so.6...done.
Loaded symbols for /lib/i686/cmov/libc.so.6
Reading symbols from /lib/i686/cmov/libdl.so.2...done.
Loaded symbols for /lib/i686/cmov/libdl.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/i686/cmov/libnss_compat.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_compat.so.2
Reading symbols from /lib/i686/cmov/libnsl.so.1...done.
Loaded symbols for /lib/i686/cmov/libnsl.so.1
Reading symbols from /lib/i686/cmov/libnss_nis.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_nis.so.2
Reading symbols from /lib/i686/cmov/libnss_files.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_files.so.2
0xb7f5e424 in __kernel_vsyscall ()
(gdb) set follow-fork-mode child
(gdb) cont
Continuing.
Program received signal SIGSEGV, Segmentation fault.
[Switching to process 19892]
0x00000000 in ?? ()
(gdb)
(gdb) info frame 0
Stack frame at 0xbfba1aa0:
 eip = 0x0; saved eip 0xb7b4cda1
 called by frame at 0xbfba1af0
 Arglist at 0xbfba1a98, args:
 Locals at 0xbfba1a98, Previous frame's sp is 0xbfba1aa0
 Saved registers:
  eip at 0xbfba1a9c
(gdb) up
#1 0xb7b4cda1 in read_password (pamh=0x8841b00, prompt=0x8846278 "reenter password for pam_mount:", pass=0xbfba1b38) at pam_mount.c:160
160 retval = conv->conv(nargs, message, resp, conv->appdata_ptr);
(gdb) up
#2 0xb7b4ddf3 in pam_sm_open_session (pamh=0x8841b00, flags=32768, argc=1, argv=0x8843ce0) at pam_mount.c:511
511 ret = read_password(pamh, Config.msg_sessionpw, &system_authtok);
(gdb) up
#3 0xb7f693c1 in _pam_dispatch (pamh=0x8841b00, flags=32768, choice=4) at pam_dispatch.c:108
108 retval = h->func(pamh, flags, h->argc, h->argv);
(gdb) up
#4 0xb7f6cfeb in pam_open_session (pamh=0x8841be8, flags=32768) at pam_session.c:23
23 retval = _pam_dispatch(pamh, flags, PAM_OPEN_SESSION);
(gdb) up
#5 0x0804e848 in child_process (e=0x88418f8, u=0x88418d8) at .../do_command.c:228
228 retcode = pam_open_session(pamh, PAM_SILENT);
(gdb) up
#6 0x0804e36d in do_command (e=0x88418f8, u=0x88418d8) at .../do_command.c:102
102 child_process(e, u);
(gdb) up
#7 0x0804e1e3 in job_runqueue () at ../job.c:68
68 do_command(j->e, j->u);
(gdb) up
#8 0x0804a777 in main (argc=142875624, argv=0x0) at ../cron.c:270
270 job_runqueue();
(gdb) up
Initial frame selected; you cannot go up.
(gdb) frame 0
#0 0x00000000 in ?? ()
(gdb) up
#1 0xb7b4cda1 in read_password (pamh=0x8841b00, prompt=0x8846278 "reenter password for pam_mount:", pass=0xbfba1b38) at pam_mount.c:160
160 retval = conv->conv(nargs, message, resp, conv->appdata_ptr);
(gdb) list
155     *resp = NULL;
156     retval = pam_get_item(pamh, PAM_CONV, static_cast(const void **,
157              static_cast(void *, &conv)));
158
159     if (retval == PAM_SUCCESS) {
160         retval = conv->conv(nargs, message, resp, conv->appdata_ptr);
161         if (retval != PAM_SUCCESS)
162             l0g("conv->conv(...): %s\n", pam_strerror(pamh, retval));
163     } else {
164         l0g("pam_get_item: %s\n", pam_strerror(pamh, retval));
(gdb)
(gdb) print *resp
Cannot access memory at address 0x0
(gdb) print resp
$3 = (struct pam_response *) 0x0
(gdb)

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-mount depends on:
ii  debconf             1.5.24         Debian configuration management sy
ii  libc6               2.7-16         GNU C Library: Shared libraries
ii  libhx13             1.18-1         A library providing queue, tree, I
ii  libpam0g            1.0.1-4        Pluggable Authentication Modules l
ii  libssl0.9.8         0.9.8g-14      SSL shared libraries
ii  libxml-writer-perl  0.604-1        Perl module for writing XML docume
ii  libxml2             2.6.32.dfsg-5  GNOME XML library
ii  mount               2.13.1.1-1     Tools for mounting and manipulatin

libpam-mount recommends no packages.

Versions of packages libpam-mount suggests:
ii  cryptsetup       2:1.0.6-7      configures encrypted block devices
pn  davfs2           <none>         (no description available)
ii  fuse-utils       2.7.4-1.1      Filesystem in USErspace (utilities
ii  lsof             4.78.dfsg.1-4  List open files
pn  ncpfs            <none>         (no description available)
ii  openssl          0.9.8g-14      Secure Socket Layer (SSL) binary a
ii  psmisc           22.6-1         Utilities that use the proc filesy
pn  smbfs            <none>         (no description available)
pn  truecrypt-utils  <none>         (no description available)

-- debconf information:
* libpam-mount/convert-xml-config: true

diff --git a/src/pam_mount.c b/src/pam_mount.c index 211a996..b86cd05 100644 --- a/src/pam_mount.c +++ b/src/pam_mount.c @@ -156,7 +156,7 @@ static int converse(pam_handle_t *pamh, int nargs, retval = pam_get_item(pamh, PAM_CONV, static_cast(const void **, static_cast(void *, &conv))); - if (retval == PAM_SUCCESS) { + if (retval == PAM_SUCCESS && *resp != NULL) { retval = conv->conv(nargs, message, resp, conv->appdata_ptr); if (retval != PAM_SUCCESS) l0g("conv->conv(...): %s\n", pam_strerror(pamh, retval));
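
Review bot: the added `*resp != NULL` test in the `if (retval == PAM_SUCCESS ...)` condition guards the wrong pointer. The gdb listing in the report shows `*resp = NULL;` at line 155, with nothing between it and this check that assigns `*resp`, so the new condition is always false and `conv->conv()` is never called for any caller; control then falls into the `else` branch, which logs a `pam_get_item:` message even though retval is PAM_SUCCESS. The backtrace shows frame 0 at eip = 0x0 reached from line 160, which points to `conv->conv` being a null function pointer rather than to a problem with `resp`. Suggest testing that instead, `if (retval == PAM_SUCCESS && conv != NULL && conv->conv != NULL)`, and setting retval to an error such as PAM_CONV_ERR when no conversation function is available, so the caller can tell that no response was obtained.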