Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 266603

Summary: sys-auth/pam_ssh segfaults with EOF as password
Product: Gentoo Linux Reporter: Kevin Lyles <kevinlyles>
Component: [OLD] Core systemAssignee: PAM Gentoo Team (OBSOLETE) <pam-bugs+disabled>
Status: RESOLVED FIXED    
Severity: minor CC: dschridde+gentoobugs, hurikhan77+bgo, pesa, rauchwolke, wsheets
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 232907    
Attachments: Patch fixes the issue

Description Kevin Lyles 2009-04-18 01:48:38 UTC 
The su command in sys-apps/shadow segfaults when given a password containing EOF (ctrl+d).  I believe it is related to the pam use flag, although it is possible it is simply a coincidence with the version change.

Reproducible: Always

Steps to Reproduce:
0. (maybe) emerge sys-apps/shadow with the pam use flag enabled
1. run su
2. enter ctrl+d as your password

Actual Results:  
Segfault

0xb7dcc5e3 in strlen () from /lib/libc.so.6
gdb> bt
#0  0xb7dcc5e3 in strlen () from /lib/libc.so.6
#1  0xb7d08c3f in pam_get_pass () from /lib/security/pam_ssh.so
#2  0x00000000 in ?? ()
gdb> q


Expected Results:  
su: Authentication failure


I would test without the pam use flag, but it is marked as dangerous to arbitrarily flip.

Note that everything still works, there's just a segfault instead of an error message in this one particular case.
Comment 1 lklm 2009-04-18 13:21:27 UTC 
Created attachment 188789 [details, diff]
Patch fixes the issue

This fixes the segfault with possibility for pam to work as configured.

Beware that example configuration for pam_ssh will try to check other modules so if EOF is entered as passphrase user will be prompted by other modules. This can be changed by using 'requisite' in pam configuration.

Please check if it works as this is my first fix for gentoo :)
I ask a gentoo developer to pick this up if it's any good.
Comment 2 SpanKY gentoo-dev 2009-04-20 05:24:22 UTC 
not a shadow bug
Comment 3 Davide Pesavento gentoo-dev 2009-07-28 15:04:58 UTC 
Still not fixed in 1.97
Comment 4 walt 2010-06-22 23:04:40 UTC 
*** Bug 288711 has been marked as a duplicate of this bug. ***
Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-07-26 19:29:34 UTC 
*** Bug 329815 has been marked as a duplicate of this bug. ***
Comment 6 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-31 17:53:36 UTC 
Finally fixed as of 1.97-r3.
Comment 7 Dennis Schridde 2010-11-01 00:32:58 UTC 
Duplicate of bug #232907.
Comment 8 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-11-01 11:09:34 UTC 
*** Bug 343397 has been marked as a duplicate of this bug. ***