Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 23 Aug 2007 21:37:20 +0300 (EEST)
From:      Valentin Nechayev <netch@lucky.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/115765: uucpd from net/freebsd-uucp traps with PAM and unknown user
Message-ID:  <200708231837.l7NIbK3t058792@burka.carrier.kiev.ua>
Resent-Message-ID: <200708231920.l7NJK2qw006521@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         115765
>Category:       ports
>Synopsis:       uucpd from net/freebsd-uucp traps with PAM and unknown user
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 23 19:20:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Valentin Nechayev
>Release:        FreeBSD 6.2-RELEASE-p1 i386
>Organization:
Lucky Net Ltd.
>Environment:
System: FreeBSD 6.2-RELEASE-p1
Port version: freebsd-uucp-pam-1.07.2

>Description:

In port net/freebsd-uucp:

When compiled with PAM, uucpd shows the following bug: if user specified
in command line is unknown, getpwnam() returns NULL; then, auth_pam()
tries to extract pw->pw_name and gets SIGSEGV.

gdb'ing of core file shows:

#0  0x08049778 in auth_pam () at uucpd.c:354
354             cred_t auth_cred = { pw->pw_name, passwd };
(gdb) p pw
$1 = (struct passwd *) 0x0

This isn't kind of security problem but rather annoys.

>How-To-Repeat:

Compile and install the port, start uucpd from inetd or command line,
enter unknown user and arbitrary password.

>Fix:

Patch uucpd.c (I don't know whether to better patch by port system
or in repository) with the following patch.
I also added sleep(3) on bad login according to common practice.

--- uucpd.c.0	Thu Jan  8 20:28:23 2004
+++ uucpd.c	Thu Aug 23 21:25:22 2007
@@ -173,6 +173,7 @@
 	syslog(LOG_AUTHPRIV|LOG_NOTICE,
 	    "LOGIN FAILURE FROM %s, %s", remotehost, name);
 
+	sleep(3);
 	fprintf(stderr, "Login incorrect.\n");
 	exit(1);
 }
@@ -208,6 +209,8 @@
 
 	/* pw might get changed by auth_pam */
 	pw = getpwnam(user);
+	if (pw == NULL)
+		badlogin(user);
 
 #ifdef USE_PAM
 	/*
>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200708231837.l7NIbK3t058792>