Bug#819679: libpwquality-tools: pwmake crash if using 1024 entropy bits

Thu Mar 31 18:52:37 UTC 2016

Package: libpwquality-tools
Version: 1.2.3-1
Severity: normal

Dear Maintainer,

If I run pwmake like this:

pwmake 1024

it will result in crash:

sharuzzaman at debian:~$ pwmake 1024
*** stack smashing detected ***: pwmake terminated
======= Backtrace: =========
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x692ab)[0xb756d2ab]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__fortify_fail+0x37)[0xb75fcfe7]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0xf8fa8)[0xb75fcfa8]
/usr/lib/i386-linux-gnu/libpwquality.so.1(+0x30c4)[0xb76cc0c4]
/usr/lib/i386-linux-gnu/libpwquality.so.1(pwquality_generate+0x385)[0xb76ca1e5]
pwmake[0x804887c]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xf7)[0xb751c527]
pwmake[0x80489dd]
======= Memory map: ========
08048000-08049000 r-xp 00000000 08:02 123421     /usr/bin/pwmake
08049000-0804a000 r--p 00000000 08:02 123421     /usr/bin/pwmake
0804a000-0804b000 rw-p 00001000 08:02 123421     /usr/bin/pwmake
0959a000-095bb000 rw-p 00000000 00:00 0          [heap]
b730b000-b7327000 r-xp 00000000 08:02 491551     /lib/i386-linux-gnu/libgcc_s.so.1
b7327000-b7328000 rw-p 0001b000 08:02 491551     /lib/i386-linux-gnu/libgcc_s.so.1
b7328000-b7333000 r-xp 00000000 08:02 492371     /lib/i386-linux-gnu/i686/cmov/libnss_files-2.22.so
b7333000-b7334000 r--p 0000a000 08:02 492371     /lib/i386-linux-gnu/i686/cmov/libnss_files-2.22.so
b7334000-b7335000 rw-p 0000b000 08:02 492371     /lib/i386-linux-gnu/i686/cmov/libnss_files-2.22.so
b7335000-b733b000 rw-p 00000000 00:00 0 
b733b000-b7346000 r-xp 00000000 08:02 492374     /lib/i386-linux-gnu/i686/cmov/libnss_nis-2.22.so
b7346000-b7347000 r--p 0000a000 08:02 492374     /lib/i386-linux-gnu/i686/cmov/libnss_nis-2.22.so
b7347000-b7348000 rw-p 0000b000 08:02 492374     /lib/i386-linux-gnu/i686/cmov/libnss_nis-2.22.so
b7348000-b735f000 r-xp 00000000 08:02 492367     /lib/i386-linux-gnu/i686/cmov/libnsl-2.22.so
b735f000-b7360000 r--p 00016000 08:02 492367     /lib/i386-linux-gnu/i686/cmov/libnsl-2.22.so
b7360000-b7361000 rw-p 00017000 08:02 492367     /lib/i386-linux-gnu/i686/cmov/libnsl-2.22.so
b7361000-b7363000 rw-p 00000000 00:00 0 
b7375000-b7503000 r--p 00000000 08:02 139359     /usr/lib/locale/locale-archive
b7503000-b7504000 rw-p 00000000 00:00 0 
b7504000-b76b5000 r-xp 00000000 08:02 491977     /lib/i386-linux-gnu/i686/cmov/libc-2.22.so
b76b5000-b76b6000 ---p 001b1000 08:02 491977     /lib/i386-linux-gnu/i686/cmov/libc-2.22.so
b76b6000-b76b8000 r--p 001b1000 08:02 491977     /lib/i386-linux-gnu/i686/cmov/libc-2.22.so
b76b8000-b76b9000 rw-p 001b3000 08:02 491977     /lib/i386-linux-gnu/i686/cmov/libc-2.22.so
b76b9000-b76bc000 rw-p 00000000 00:00 0 
b76bc000-b76c3000 r-xp 00000000 08:02 197330     /usr/lib/i386-linux-gnu/libcrack.so.2.9.0
b76c3000-b76c4000 ---p 00007000 08:02 197330     /usr/lib/i386-linux-gnu/libcrack.so.2.9.0
b76c4000-b76c5000 r--p 00007000 08:02 197330     /usr/lib/i386-linux-gnu/libcrack.so.2.9.0
b76c5000-b76c6000 rw-p 00008000 08:02 197330     /usr/lib/i386-linux-gnu/libcrack.so.2.9.0
b76c6000-b76c9000 rw-p 00000000 00:00 0 
b76c9000-b76ce000 r-xp 00000000 08:02 200666     /usr/lib/i386-linux-gnu/libpwquality.so.1.0.2
b76ce000-b76cf000 r--p 00004000 08:02 200666     /usr/lib/i386-linux-gnu/libpwquality.so.1.0.2
b76cf000-b76d0000 rw-p 00005000 08:02 200666     /usr/lib/i386-linux-gnu/libpwquality.so.1.0.2
b76d6000-b76de000 r-xp 00000000 08:02 492368     /lib/i386-linux-gnu/i686/cmov/libnss_compat-2.22.so
b76de000-b76df000 r--p 00007000 08:02 492368     /lib/i386-linux-gnu/i686/cmov/libnss_compat-2.22.so
b76df000-b76e0000 rw-p 00008000 08:02 492368     /lib/i386-linux-gnu/i686/cmov/libnss_compat-2.22.so
b76e1000-b76e4000 rw-p 00000000 00:00 0 
b76e4000-b76e6000 r--p 00000000 00:00 0          [vvar]
b76e6000-b76e7000 r-xp 00000000 00:00 0          [vdso]
b76e7000-b7708000 r-xp 00000000 08:02 491667     /lib/i386-linux-gnu/ld-2.22.so
b7708000-b7709000 rw-p 00000000 00:00 0 
b7709000-b770a000 r--p 00021000 08:02 491667     /lib/i386-linux-gnu/ld-2.22.so
b770a000-b770b000 rw-p 00022000 08:02 491667     /lib/i386-linux-gnu/ld-2.22.so
bfc25000-bfc46000 rw-p 00000000 00:00 0          [stack]
Aborted

-----

It should not be crashing. If it cannot handle 1024 bit, better exit silently than crashing.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.4.0-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libpwquality-tools depends on:
ii  libc6          2.22-4
ii  libcrack2      2.9.2-1+b2
ii  libpwquality1  1.2.3-1

libpwquality-tools recommends no packages.

libpwquality-tools suggests no packages.

-- no debconf information