From owner-freebsd-audit Thu Sep 6 10:17:11 2001 Delivered-To: freebsd-audit@freebsd.org Received: from arb.arb.za.net (arb.arb.za.net [196.7.148.4]) by hub.freebsd.org (Postfix) with ESMTP id 07E0E37B405; Thu, 6 Sep 2001 10:16:54 -0700 (PDT) Received: (from uucp@localhost) by arb.arb.za.net (8.11.3/8.11.3) with UUCP id f86HGcI78384; Thu, 6 Sep 2001 19:16:38 +0200 (SAST) (envelope-from mark@grondar.za) Received: from grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.11.6/8.11.4) with ESMTP id f86FsS204571; Thu, 6 Sep 2001 16:54:28 +0100 (BST) (envelope-from mark@grondar.za) Message-Id: <200109061554.f86FsS204571@grimreaper.grondar.za> To: Peter Pentchev Cc: markm@FreeBSD.org, re@FreeBSD.org, audit@FreeBSD.org Subject: Re: bin/30357: core dump in libpam.so when parsing config file References: <20010906132355.C1477@ringworld.oblivion.bg> In-Reply-To: <20010906132355.C1477@ringworld.oblivion.bg> ; from Peter Pentchev "Thu, 06 Sep 2001 13:23:55 +0300." Date: Thu, 06 Sep 2001 16:54:28 +0100 From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Already fixed in the (later) CURRENT sources. Please feel free to MFC this if the RE folks agree. (Not the whole file, just this patch. NOTE - its in a different place). M > Hi, > > I can reproduce the problem, and the (trivial-looking) patch really > fixes it. Would there be much harm in taking pam_misc.c off the vendor > branch and fixing (*and* MFC'ing) this before 4.4 goes out? > A PAM-related coredump does look kind of important to me.. > > G'luck, > Peter > > -- > This sentence every third, but it still comprehensible. > > ----- Forwarded message from Edward Counce ----- > > Date: Wed, 5 Sep 2001 14:33:43 -0700 (PDT) > From: Edward Counce > To: freebsd-gnats-submit@FreeBSD.org > X-Send-Pr-Version: www-1.0 > Subject: bin/30357: core dump in libpam.so when parsing config file > List-ID: > List-Archive: (Web Archive) > List-Help: (List Instructions) > List-Subscribe: > List-Unsubscribe: > > > >Number: 30357 > >Category: bin > >Synopsis: core dump in libpam.so when parsing config file > >Confidential: no > >Severity: serious > >Priority: low > >Responsible: freebsd-bugs > >State: open > >Quarter: > >Keywords: > >Date-Required: > >Class: sw-bug > >Submitter-Id: current-users > >Arrival-Date: Wed Sep 05 14:40:02 PDT 2001 > >Closed-Date: > >Last-Modified: > >Originator: Edward Counce > >Release: 4.3-RELEASE > >Organization: > Celion Networks, Inc. > >Environment: > FreeBSD ecounce 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Sat Apr 21 10:54:49 GMT 2001 jkh@narf.osd.bsdi.com:/usr/src/sys/compile/GENERIC i386 > >Description: > While parsing the configuration file, numeric (jump) actions in the newer control flag syntax may cause a core dump. > > >How-To-Repeat: > add to /etc/pam.conf: > > sshd auth [success=1 default=ignore] pam_tacplus.so > > >Fix: > Index: pam_misc.c > =================================================================== > RCS file: /home/ncvs/src/contrib/libpam/libpam/pam_misc.c,v > retrieving revision 1.1.1.1 > diff -u -r1.1.1.1 pam_misc.c > --- pam_misc.c 18 Nov 1998 01:16:19 -0000 1.1.1.1 > +++ pam_misc.c 5 Sep 2001 21:16:36 -0000 > @@ -278,7 +278,7 @@ > } > > /* observe action type */ > - for (act=0; act<=-_PAM_ACTION_UNDEF; ++act) { > + for (act=0; act<-_PAM_ACTION_UNDEF; ++act) { > len = strlen(_pam_token_actions[act]); > if (!strncmp(_pam_token_actions[act], tok, len)) { > act *= -1; > >Release-Note: > >Audit-Trail: > >Unformatted: > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-bugs" in the body of the message > > > ----- End forwarded message ----- -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message