[Pkg-shadow-devel] Bug#338810: /usr/bin/passwd segfaults on eof when changing a password

Nicolas François nicolas.francois at centraliens.net
Fri Nov 18 19:16:49 UTC 2005


reassign 338810 libpam0g 0.79-3
thanks

Hello,

This issue happens when entering Control+D as the first password during a
password change:

> # passwd
> Enter new UNIX password: ^D
> Retype new UNIX password: ^D
> Segmentation fault

I could not reproduce it with 0.76-23.

In 0.79, a NULL string is returned by the libpam_misc default conversation
function (it was an empty string in 0.76).

I'm not sure where this shall be fixed.

I attach 3 patches:
 * libpam-modules_pam_unix_null_passwd.patch
   This fixes this issue in the pam_unix module.
   I'm not sure it is the right place to fix this (maybe this bug can
   appear on other PAM modules). However, another protection should not
   harm.

 * libpam0g_pam_misc_null_passwd.patch
   This fixes the issue at the conversation function level.
   I'm not sure this patch is correct (I don't know if there are some
   specifications that indicate if the password string must be NULL or
   empty in this case).

 * libpam-modules_pam_unix_typo.patch
   This one just fixes a typo.

Kind Regards,
-- 
Nekral
-------------- next part --------------
diff -rauN ../orig/pam-0.79/Linux-PAM/modules/pam_unix/pam_unix_passwd.c ./pam-0.79/Linux-PAM/modules/pam_unix/pam_unix_passwd.c
--- ../orig/pam-0.79/Linux-PAM/modules/pam_unix/pam_unix_passwd.c	2005-11-18 19:13:35.000000000 +0100
+++ ./pam-0.79/Linux-PAM/modules/pam_unix/pam_unix_passwd.c	2005-11-18 19:00:58.000000000 +0100
@@ -1121,7 +1121,7 @@
 			 * password is acceptable.
 			 */
 
-			if (pass_new[0] == '\0') {	/* "\0" password = NULL */
+			if (pass_new && pass_new[0] == '\0') {	/* "\0" password = NULL */
 				pass_new = NULL;
 			}
 			retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);
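Review bot: with the added `pass_new &&` guard in the `if`, a NULL `pass_new` skips the branch and goes straight into `_pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new)`. That is the same value the empty-string case passes after `pass_new = NULL`, so a Ctrl-D is handled exactly like an empty password. If that is intended, extend the comment to say that NULL can already arrive from the conversation function; if EOF should instead abort the change, handle NULL separately before this check.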
-------------- next part --------------
diff -rauN ../orig/pam-0.79/Linux-PAM/libpam_misc/misc_conv.c ./pam-0.79/Linux-PAM/libpam_misc/misc_conv.c
--- ../orig/pam-0.79/Linux-PAM/libpam_misc/misc_conv.c	2005-11-18 19:13:35.000000000 +0100
+++ ./pam-0.79/Linux-PAM/libpam_misc/misc_conv.c	2005-11-18 19:08:01.000000000 +0100
@@ -210,7 +210,7 @@
 	    } else if (nc == 0) {                                /* Ctrl-D */
 		D(("user did not want to type anything"));
 
-		*retstr = NULL;
+		*retstr = x_strdup("");
 		if (echo) {
 		    fprintf(stderr, "\n");
 		}
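Review bot: the result of `x_strdup("")` in the Ctrl-D branch is stored in `*retstr` without a check, so if the allocation fails the caller receives NULL again and the crash this patch targets can recur; test the result and handle the failure explicitly. The change also makes EOF indistinguishable from an empty line for every application using this conversation function, which deserves a line in the comment next to `/* Ctrl-D */`.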
-------------- next part --------------
diff -rauN ../orig/pam-0.79/Linux-PAM/modules/pam_unix/support.c ./pam-0.79/Linux-PAM/modules/pam_unix/support.c
--- ../orig/pam-0.79/Linux-PAM/modules/pam_unix/support.c	2005-11-18 19:13:35.000000000 +0100
+++ ./pam-0.79/Linux-PAM/modules/pam_unix/support.c	2005-11-18 19:00:22.000000000 +0100
@@ -90,7 +90,7 @@
 		}
 	} else if (retval != PAM_CONV_AGAIN) {
 		_log_err(LOG_ERR, pamh
-		         ,"couldn't obtain coversation function [%s]"
+		         ,"couldn't obtain conversation function [%s]"
 			 ,pam_strerror(pamh, retval));
 	}
 	D(("ready to return from module conversation"));
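An added example, not part of the original message or of Linux-PAM: a stand-alone C model of the failure described above, in which a reader returns NULL on Ctrl-D and the consumer checks the pointer before reading its first byte. `read_response`, `classify_new_password`, `classify_input` and the three-state result are hypothetical names; treating NULL as an abort is an assumption of this example, not what the attached patches do.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum pw_state { PW_ABORTED, PW_EMPTY, PW_PRESENT };

/* Hypothetical reader modelling 0.79: Ctrl-D (EOF, nothing typed) gives NULL, not "". */
static char *read_response(FILE *in)
{
    char buf[512], *copy;
    size_t n;
    if (fgets(buf, sizeof buf, in) == NULL)
        return NULL;                    /* EOF: no string at all */
    n = strcspn(buf, "\n");             /* length without the newline */
    buf[n] = '\0';
    copy = malloc(n + 1);
    if (copy != NULL)
        memcpy(copy, buf, n + 1);
    return copy;
}

/* Guard: test the pointer before its first byte. NULL = aborted is an assumption here. */
static enum pw_state classify_new_password(const char *pass_new)
{
    if (pass_new == NULL)
        return PW_ABORTED;
    return pass_new[0] == '\0' ? PW_EMPTY : PW_PRESENT;
}

/* Runs constructed keyboard input through both steps. */
static enum pw_state classify_input(const char *typed)
{
    FILE *in = tmpfile();
    enum pw_state st = PW_ABORTED;
    char *resp;
    if (in == NULL)
        return st;
    fputs(typed, in);
    rewind(in);
    resp = read_response(in);
    st = classify_new_password(resp);
    free(resp);                         /* free(NULL) is a no-op */
    fclose(in);
    return st;
}

int main(void)
{
    printf("%d %d %d\n", classify_input(""), classify_input("\n"), classify_input("s3cret\n"));
    return 0;
}
```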

