From owner-freebsd-ports-bugs@FreeBSD.ORG  Thu Aug 23 19:20:02 2007
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ABA2216A421
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Thu, 23 Aug 2007 19:20:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 85B6413C480
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Thu, 23 Aug 2007 19:20:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l7NJK2tB006528
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Thu, 23 Aug 2007 19:20:02 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l7NJK2qw006521;
	Thu, 23 Aug 2007 19:20:02 GMT (envelope-from gnats)
Resent-Date: Thu, 23 Aug 2007 19:20:02 GMT
Resent-Message-Id: <200708231920.l7NJK2qw006521@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Valentin Nechayev <netch@lucky.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8B78B16A417
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 23 Aug 2007 19:18:35 +0000 (UTC) (envelope-from netch@lucky.net)
Received: from relay3.lucky.net (aleph.carrier.kiev.ua [193.193.193.120])
	by mx1.freebsd.org (Postfix) with ESMTP id 1224613C457
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 23 Aug 2007 19:18:34 +0000 (UTC) (envelope-from netch@lucky.net)
Received: from burka.carrier.kiev.ua (root@burka.carrier.kiev.ua
	[193.193.193.107])
	by relay3.lucky.net (8) with ESMTP id l8NIdIXS091930
	for <FreeBSD-gnats-submit@freebsd.org>;
	Thu, 23 Aug 2007 21:39:18 +0300 (EEST)
	(envelope-from netch@lucky.net)
Received: from burka.carrier.kiev.ua (netch@localhost [127.0.0.1])
	by burka.carrier.kiev.ua with ESMTP id l7NIbKRH058795;
	Thu, 23 Aug 2007 21:37:21 +0300 (EEST)
	(envelope-from netch@burka.carrier.kiev.ua)
Received: (from netch@localhost)
	by burka.carrier.kiev.ua (8.13.8/8.13.8/Submit) id l7NIbK3t058792;
	Thu, 23 Aug 2007 21:37:20 +0300 (EEST) (envelope-from netch)
Message-Id: <200708231837.l7NIbK3t058792@burka.carrier.kiev.ua>
Date: Thu, 23 Aug 2007 21:37:20 +0300 (EEST)
From: Valentin Nechayev <netch@lucky.net>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: ports/115765: uucpd from net/freebsd-uucp traps with PAM and
	unknown user
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Valentin Nechayev <netch@lucky.net>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Aug 2007 19:20:02 -0000


>Number:         115765
>Category:       ports
>Synopsis:       uucpd from net/freebsd-uucp traps with PAM and unknown user
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 23 19:20:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Valentin Nechayev
>Release:        FreeBSD 6.2-RELEASE-p1 i386
>Organization:
Lucky Net Ltd.
>Environment:
System: FreeBSD 6.2-RELEASE-p1
Port version: freebsd-uucp-pam-1.07.2

>Description:

In port net/freebsd-uucp:

When compiled with PAM, uucpd shows the following bug: if user specified
in command line is unknown, getpwnam() returns NULL; then, auth_pam()
tries to extract pw->pw_name and gets SIGSEGV.

gdb'ing of core file shows:

#0  0x08049778 in auth_pam () at uucpd.c:354
354             cred_t auth_cred = { pw->pw_name, passwd };
(gdb) p pw
$1 = (struct passwd *) 0x0

This isn't kind of security problem but rather annoys.

>How-To-Repeat:

Compile and install the port, start uucpd from inetd or command line,
enter unknown user and arbitrary password.

>Fix:

Patch uucpd.c (I don't know whether to better patch by port system
or in repository) with the following patch.
I also added sleep(3) on bad login according to common practice.

--- uucpd.c.0	Thu Jan  8 20:28:23 2004
+++ uucpd.c	Thu Aug 23 21:25:22 2007
@@ -173,6 +173,7 @@
 	syslog(LOG_AUTHPRIV|LOG_NOTICE,
 	    "LOGIN FAILURE FROM %s, %s", remotehost, name);
 
+	sleep(3);
 	fprintf(stderr, "Login incorrect.\n");
 	exit(1);
 }
@@ -208,6 +209,8 @@
 
 	/* pw might get changed by auth_pam */
 	pw = getpwnam(user);
+	if (pw == NULL)
+		badlogin(user);
 
 #ifdef USE_PAM
 	/*
>Release-Note:
>Audit-Trail:
>Unformatted: