Date:      Wed, 16 Apr 2008 10:30:04 GMT
From:      Jaakko Heinonen <jh@saunalahti.fi>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/112694: segfault in pam_lastlog(8) on sshd exit when no pty allocated
Message-ID:  <200804161030.m3GAU4TR058150@freefall.freebsd.org>

The following reply was made to PR bin/112694; it has been noted by GNATS.

From: Jaakko Heinonen <jh@saunalahti.fi>
To: Christopher Cowart <ccowart@rescomp.berkeley.edu>,
        bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/112694: segfault in pam_lastlog(8) on sshd exit when no
	pty allocated
Date: Wed, 16 Apr 2008 13:25:48 +0300

 --qMm9M+Fa2AknHoGS
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 
 Hi,
 
 On 2008-04-15, Christopher Cowart wrote:
 > I think when we run it both via the sshd and login stacks, it gets
 > executed twice for logouts. If your testing shows no segfaults in that
 > situation, I'm content that the problem is solved.
 
 Thanks for the information. The bug is still there. I can reproduce it
 now if I configure pam this way.
 
 revision 1.23 (src/lib/libpam/modules/pam_lastlog/pam_lastlog.c)
 commit message:
 
 Apply the same error checks to PAM_TTY in pam_sm_close_session() as in
 pam_sm_open_session(), avoiding false negatives when no tty is present.
 
 
 However, the commit failed to add a check for NULL tty name (the check is
 present in pam_sm_open_session()). Attached patch should fix the
 problem.
 
 -- 
 Jaakko
 
 --qMm9M+Fa2AknHoGS
 Content-Type: text/x-diff; charset=us-ascii
 Content-Disposition: attachment; filename="pam_lastlog-segfault.diff"
 
 Index: pam_lastlog.c
 ===================================================================
 RCS file: /home/ncvs/src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v
 retrieving revision 1.23
 diff -p -u -r1.23 pam_lastlog.c
 --- pam_lastlog.c	22 Jul 2007 15:17:29 -0000	1.23
 +++ pam_lastlog.c	16 Apr 2008 09:08:49 -0000
 @@ -183,6 +183,10 @@ pam_sm_close_session(pam_handle_t *pamh 
  	pam_err = pam_get_item(pamh, PAM_TTY, (const void **)&tty);
  	if (pam_err != PAM_SUCCESS)
  		goto err;
 +	if (tty == NULL) {
 +		pam_err = PAM_SERVICE_ERR;
 +		goto err;
 +	}
  	if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
  		tty = (const char *)tty + strlen(_PATH_DEV);
  	if (*(const char *)tty == '\0')
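
Review bot: the new `tty == NULL` branch after `pam_get_item()` returns `PAM_SERVICE_ERR`, which turns a legitimate condition (per the PR title, an sshd session with no pty allocated) into a failed session close on every such logout. Please confirm this is the same return code pam_sm_open_session() uses for its NULL check, and consider a one-line comment above the branch noting that pam_get_item() can return PAM_SUCCESS while leaving the PAM_TTY item unset: that is the case the preceding `pam_err != PAM_SUCCESS` test does not cover, and the one the `strncmp(tty, _PATH_DEV, ...)` line below would otherwise dereference.
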
 
 --qMm9M+Fa2AknHoGS--


