Bug 266603 - sys-auth/pam_ssh segfaults with EOF as password
Summary: sys-auth/pam_ssh segfaults with EOF as password
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High minor
Assignee: PAM Gentoo Team
Duplicates: 288711 329815 343397
Blocks: 232907
Reported: 2009-04-18 01:48 UTC by Kevin Lyles
Modified: 2010-11-01 11:09 UTC

Attachments
Patch fixes the issue (pam_ssh-1.92-passphrase_eof.patch,433 bytes, patch)
2009-04-18 13:21 UTC, lklm

Description Kevin Lyles 2009-04-18 01:48:38 UTC
The su command in sys-apps/shadow segfaults when given a password containing EOF (ctrl+d).  I believe it is related to the pam use flag, although it is possible it is simply a coincidence with the version change.

Reproducible: Always

Steps to Reproduce:
0. (maybe) emerge sys-apps/shadow with the pam use flag enabled
1. run su
2. enter ctrl+d as your password

Actual Results:  
Segfault

0xb7dcc5e3 in strlen () from /lib/libc.so.6
gdb> bt
#0  0xb7dcc5e3 in strlen () from /lib/libc.so.6
#1  0xb7d08c3f in pam_get_pass () from /lib/security/pam_ssh.so
#2  0x00000000 in ?? ()
gdb> q


Expected Results:  
su: Authentication failure


I would test without the pam use flag, but it is marked as dangerous to arbitrarily flip.

Note that everything still works, there's just a segfault instead of an error message in this one particular case.
Comment 1 lklm 2009-04-18 13:21:27 UTC
Created attachment 188789
Patch fixes the issue

This fixes the segfault with possibility for pam to work as configured.

Beware that the example configuration for pam_ssh will try to check other modules, so if EOF is entered as the passphrase, the user will be prompted by other modules. This can be changed by using 'requisite' in the pam configuration.

Please check if it works, as this is my first fix for Gentoo :)
I ask a Gentoo developer to pick this up if it's any good.
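
The failure mode in the backtrace above, as an added C example that is not part of the bug thread or the attached patch: it assumes the conversation function reports success on ctrl+d but returns no passphrase string, which then reaches strlen(). The types, return codes and function names are hypothetical stand-ins so the file builds without libpam.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the PAM conversation types (no libpam needed). */
struct reply { char *resp; };
typedef int (*conv_fn)(const char *prompt, struct reply **out);
enum { RC_OK, RC_AUTH_ERR, RC_CONV_ERR };
static const char SAMPLE[] = "constructed-passphrase";

/* Constructed conversation: ctrl+d, success with no string (assumed behaviour). */
int conv_eof(const char *prompt, struct reply **out) {
    (void)prompt;
    *out = calloc(1, sizeof **out);              /* resp stays NULL */
    return *out ? RC_OK : RC_CONV_ERR;
}

/* Constructed conversation: the user typed a passphrase. */
int conv_typed(const char *prompt, struct reply **out) {
    (void)prompt;
    if ((*out = calloc(1, sizeof **out)) == NULL) return RC_CONV_ERR;
    if (((*out)->resp = malloc(sizeof SAMPLE)) != NULL) memcpy((*out)->resp, SAMPLE, sizeof SAMPLE);
    return RC_OK;
}

/* Unchecked shape: success is taken to imply a string, so strlen() reads
 * through NULL on the EOF reply. Shown for contrast only, never called here. */
int get_pass_unchecked(conv_fn conv, const char *prompt, char **pass) {
    struct reply *r = NULL;
    if (conv(prompt, &r) != RC_OK) return RC_CONV_ERR;
    if (strlen(r->resp) == 0) { free(r->resp); free(r); return RC_AUTH_ERR; }
    *pass = r->resp; free(r);
    return RC_OK;
}

/* Checked shape: a missing reply or missing string is an authentication failure. */
int get_pass_checked(conv_fn conv, const char *prompt, char **pass) {
    struct reply *r = NULL;
    *pass = NULL;
    if (conv(prompt, &r) != RC_OK || r == NULL) { free(r); return RC_CONV_ERR; }
    if (r->resp == NULL) { free(r); return RC_AUTH_ERR; }
    *pass = r->resp;                             /* ownership moves to the caller */
    free(r);
    return RC_OK;
}

int main(void) {
    char *p;
    return get_pass_checked(conv_eof, "passphrase: ", &p) == RC_AUTH_ERR ? 0 : 1;
}
```

Returning an authentication error rather than crashing matches the expected result in the report; whether later modules still prompt depends on the control flag discussed in the comment above.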
Comment 2 SpanKY gentoo-dev 2009-04-20 05:24:22 UTC
not a shadow bug
Comment 3 Davide Pesavento gentoo-dev 2009-07-28 15:04:58 UTC
Still not fixed in 1.97
Comment 4 walt 2010-06-22 23:04:40 UTC
*** Bug 288711 has been marked as a duplicate of this bug. ***
Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-07-26 19:29:34 UTC
*** Bug 329815 has been marked as a duplicate of this bug. ***
Comment 6 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-31 17:53:36 UTC
Finally fixed as of 1.97-r3.
Comment 7 Dennis Schridde 2010-11-01 00:32:58 UTC
Duplicate of bug #232907.
Comment 8 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-11-01 11:09:34 UTC
*** Bug 343397 has been marked as a duplicate of this bug. ***