[Pkg-auth-maintainers] Bug#869147: Dovecot authentication not working due to double free

Alex weirdnik at gmail.com
Thu Jul 20 22:22:43 UTC 2017


Package: libpam-yubico
Version: 2.23-1
Severity: important
Tags: upstream

I have configured Yubikey PAM authentication. It works for SSH and sudo, but it fails for dovecot, as shown in syslog:

dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(759)] called.
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(760)] flags 0 argc 5
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(762)] argv[0]=mode=client
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(762)] argv[1]=try_first_pass
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(762)] argv[2]=id=[REDACTED]
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(762)] argv[3]=debug
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(762)] argv[4]=key=[REDACTED]
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(763)] id=[REDACTED]
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(764)] key=[REDACTED]
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(765)] debug=1
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(766)] alwaysok=0
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(767)] verbose_otp=0
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(768)] try_first_pass=1
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(769)] use_first_pass=0
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(770)] authfile=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(771)] ldapserver=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(772)] ldap_uri=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(773)] ldap_bind_user=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(774)] ldap_bind_password=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(775)] ldap_filter=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(776)] ldap_cacertfile=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(777)] ldapdn=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(778)] user_attr=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(779)] yubi_attr=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(780)] yubi_attr_prefix=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(781)] url=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(782)] urllist=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(783)] capath=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(784)] cainfo=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(785)] proxy=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(786)] token_id_length=12
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(787)] mode=client
dovecot: auth-worker: Error: [../pam_yubico.c:parse_cfg(788)] chalresp_path=(null)
dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(834)] get user returned: [REDACTED]
dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(855)] get password returned: (null)
dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(985)] conv returned 53 bytes
dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1003)] Skipping first 9 bytes. Length is 53, token_id set to 12 and token OTP always 32.
dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1010)] OTP: [REDACTED] ID: [REDACTED]
dovecot: auth-worker: Error: [../pam_yubico.c:pam_sm_authenticate(1025)] Extracted a probable system password entered before the OTP - setting item PAM_AUTHTOK
dovecot: auth-worker: Error: *** Error in `dovecot/auth`: double free or corruption (!prev): 0x00007f389ba54e40 ***
dovecot: auth: Error: auth worker: Aborted PASSV request for [REDACTED]: Worker process died unexpectedly
dovecot: auth-worker: Fatal: master: service(auth-worker): child 1281 killed with signal 6 (core dumps disabled)

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-042stab120.11 (SMP w/1 CPU core)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libpam-yubico depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  libc6                  2.24-11+deb9u1
ii  libldap-2.4-2          2.4.44+dfsg-5
ii  libpam-runtime         1.1.8-3.6
ii  libpam0g               1.1.8-3.6
ii  libykclient3           2.15-1
ii  libykpers-1-1          1.17.3-1
ii  libyubikey0            1.13-2

libpam-yubico recommends no packages.

libpam-yubico suggests no packages.

-- debconf information:
* libpam-yubico/module_args: mode=client try_first_pass id=[REDACTED] key=[REDACTED]


