Date: Thu, 19 Jun 1997 03:12:21 -0400 (EDT)
From: Joe Traister <traister@gate.net>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: bin/3903: Kerberized su -l fails with segfault
Message-ID: <199706190712.DAA09402@manta.traister-one.org>
Resent-Message-ID: <199706190720.AAA12506@hub.freebsd.org>

>Number: 3903
>Category: bin
>Synopsis: Kerberized su -l fails with segfault
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 19 00:20:01 PDT 1997
>Last-Modified:
>Originator: Joe Traister
>Organization: None
>Release: FreeBSD 2.2.2-RELEASE i386
>Environment:
FreeBSD 2.2.2 with Kerberos installed, configured and running.
>Description:
su -l fails with a segfault when a Kerberos password is used. Because the kerberos() routine in su.c calls setenv(), setenv() sets its static flag to indicate it's alloced memory already. When the environment is set to a fixed array and setusercontext() is called, the setenv()'s in that routine try to realloc() the array because the flag is set.
>How-To-Repeat:
On a Kerberized machine, use su -l and then give a correct Kerberos password for a <user>.root principal.
>Fix:
--- /usr/src/usr.bin/su/su.c Sat May 10 18:07:58 1997 +++ su.c Thu Jun 19 02:51:46 1997 @@ -101,7 +101,7 @@ char *targetpass; int iswheelsu; #endif /* WHEELSU */ - char *p, **g, *user, *shell=NULL, *username, *cleanenv[20], **nargv, **np; + char *p, **g, *user, *shell=NULL, *username, **cleanenv, **nargv, **np; struct group *gr; uid_t ruid; int asme, ch, asthem, fastlogin, prio, i; @@ -371,6 +371,8 @@ if (!asme) { if (asthem) { p = getenv("TERM"); + if ((cleanenv = calloc(20, sizeof(char*))) == NULL) + errx(1, "calloc"); cleanenv[0] = NULL; environ = cleanenv; #ifdef LOGIN_CAP
>Audit-Trail:
>Unformatted:
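Review bot: In the @@ -101,7 hunk, `**cleanenv` is now declared without an initializer and, in the lines shown, is assigned only inside the `if (asthem)` branch. Initialize it to NULL at the declaration, as `*shell=NULL` already is on the same line, so that any use on another path fails predictably instead of reading an indeterminate pointer.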
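Review bot: In the @@ -371,6 hunk, the allocation failure path calls `errx(1, "calloc")`, which prints only the literal string and drops errno; `err(1, "calloc")` would report why the allocation failed. The count 20 is carried over from the old `*cleanenv[20]` declaration as a bare literal and would read better as a named constant. A short comment above the calloc() stating that the vector must be heap memory because setenv() may realloc() it would keep a later cleanup from reverting to a fixed array.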
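The failure described in the report, modeled as an added example (not code from su.c, FreeBSD libc, or the submitter). `toy_setenv()` and the `toy_*` variables are hypothetical stand-ins for setenv() and environ, and the pointer-identity check is one assumed way to guard against the condition; it differs from the patch, which instead heap-allocates `cleanenv`.

```c
#include <stdlib.h>
#include <string.h>

/* Toy model of the logic in the report; constructed names, not libc source. */
static char **toy_environ;  /* stands in for the global environ */
static char **toy_owned;    /* last vector toy_setenv() allocated itself */
static int toy_alloced;     /* the static "already alloced" flag */

/* 1 when flag-only logic would realloc() a vector it never allocated. */
int flag_only_would_misuse(void)
{
    return toy_alloced && toy_environ != toy_owned;
}

/* Append "name=value" (no replace, for brevity). 0 on success, -1 on ENOMEM. */
int toy_setenv(const char *name, const char *value)
{
    size_t n = 0;
    char **vec, *entry = malloc(strlen(name) + strlen(value) + 2);

    if (entry == NULL) return -1;
    while (toy_environ != NULL && toy_environ[n] != NULL) n++;
    if (toy_alloced && toy_environ == toy_owned) {
        vec = realloc(toy_owned, (n + 2) * sizeof(*vec)); /* ours: valid */
    } else {                /* foreign vector: copy it, never realloc() it */
        vec = malloc((n + 2) * sizeof(*vec));
        if (vec != NULL && n > 0) memcpy(vec, toy_environ, n * sizeof(*vec));
    }
    if (vec == NULL) { free(entry); return -1; }
    strcpy(entry, name); strcat(entry, "="); strcat(entry, value);
    vec[n] = entry; vec[n + 1] = NULL;
    toy_environ = toy_owned = vec;
    toy_alloced = 1;
    return 0;
}

/* The report's su -l sequence: setenv, swap in a fixed array, setenv again. */
int su_sequence(void)
{
    static char *cleanenv[20];                  /* pre-patch declaration */
    if (toy_setenv("A", "1") != 0) return -1;   /* kerberos() sets the flag */
    cleanenv[0] = NULL;
    toy_environ = cleanenv;                     /* environ = cleanenv */
    if (!flag_only_would_misuse()) return -2;   /* the crash condition */
    if (toy_setenv("TERM", "vt100") != 0) return -3;
    return (toy_environ != cleanenv && cleanenv[0] == NULL) ? 0 : -4;
}

int main(void) { return su_sequence() == 0 ? 0 : 1; }
```

The vector that was replaced is deliberately not freed in this model, since the caller may still hold pointers into it.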