Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 25 May 2022 00:53:52 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 263893] pam_exec.so in auth stack with expose_authtok option makes su segfault
Message-ID:  <bug-263893-227-CGs7jNafq1@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-263893-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-263893-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D263893

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |mfc-stable13?,
                   |                            |mfc-stable12?
           Keywords|                            |crash
                URL|                            |https://reviews.freebsd.org
                   |                            |/D35169
           Assignee|bugs@FreeBSD.org            |khng@freebsd.org
             Status|New                         |In Progress

--- Comment #3 from Kubilay Kocak <koobs@FreeBSD.org> ---
The branch main has been updated by khng:

URL:
https://cgit.FreeBSD.org/src/commit/?id=3Db75e0eed345d2ab047a6b1b00a9a7c3bf=
92e992c

commit b75e0eed345d2ab047a6b1b00a9a7c3bf92e992c
Author:     Yan Ka Chiu <nyan@myuji.xyz>
AuthorDate: 2022-05-22 16:33:02 +0000
Commit:     Ka Ho Ng <khng@FreeBSD.org>
CommitDate: 2022-05-22 16:36:48 +0000

    pam_exec: fix segfault when authtok is null

    According to pam_exec(8), the `expose_authtok` option should be ignored
    when the service function is `pam_sm_setcred`. Currently `pam_exec` only
    prevent prompt for anth token when `expose_authtok` is set on
    `pam_sm_setcred`. This subsequently led to segfault when there isn't an
    existing auth token available.

    Bug reported on this:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D263893

    After reading https://reviews.freebsd.org/rS349556 I am not sure if the
    default behaviour supposed to be simply not prompt for authentication
    token, or is it to ignore the option entirely as stated in the man page.

    This patch is therefore only adding an additional NULL check on the item
    `pam_get_item` provide, and exit with `PAM_SYSTEM_ERR` when such item is
    NULL.

    MFC after:      1 week
    Reviewed by:    des, khng
    Differential Revision:  https://reviews.freebsd.org/D35169

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-263893-227-CGs7jNafq1>