Mailing List Archive: [Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired

[Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired

Mar 4, 2004, 1:04 PM

Post #1 of 4 (266 views)

http://bugzilla.mindrot.org/show_bug.cgi?id=808

Summary: segfault if not using pam/keyboard-interactive mech and
password's expired
Product: Portable OpenSSH
Version: 3.8p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: buckh@pobox.com

if you don't authenticate via pam/keyboard-interactive, then when
do_pam_account figures out your password is expired and calls
pam_password_change_required, the latter will probably segfault when it
dereferences the uninitialized int *force_pwchange. this is b/c, if you
don't authenticate using the PRIVSEP(sshpam_device), sshpam_init_ctx is
never called, so force_pwchange isn't properly initialized

i'll attach a workaround patch, but not without serious misgivings about
how crappy it is, so it won't hurt my feelings if you come up with a much
better fix

all in all, though, 3.8p1 does password-changing and chauthtok-ing
much better than it's predecessor, so thanks again for the great work

--buck

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired [ In reply to ]

bugzilla-daemon at mindrot

Mar 4, 2004, 1:06 PM

Post #2 of 4 (269 views)

Permalink

http://bugzilla.mindrot.org/show_bug.cgi?id=808

------- Additional Comments From buckh@pobox.com 2004-03-05 08:06 -------
Created an attachment (id=568)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=568&action=view)
referenced patch

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired [ In reply to ]

bugzilla-daemon at mindrot

Mar 7, 2004, 2:00 PM

Post #3 of 4 (274 views)

Permalink

http://bugzilla.mindrot.org/show_bug.cgi?id=808

------- Additional Comments From buckh@pobox.com 2004-03-05 08:04 -------
if you don't authenticate via pam/keyboard-interactive, then when
do_pam_account figures out your password is expired and calls
pam_password_change_required, the latter will probably segfault when it
dereferences the uninitialized int *force_pwchange. this is b/c, if you
don't authenticate using the PRIVSEP(sshpam_device), sshpam_init_ctx is
never called, so force_pwchange isn't properly initialized

i'll attach a workaround patch, but not without serious misgivings about
how crappy it is, so it won't hurt my feelings if you come up with a much
better fix

all in all, though, 3.8p1 does password-changing and chauthtok-ing
much better than it's predecessor, so thanks again for the great work

--buck

------- Additional Comments From buckh@pobox.com 2004-03-05 08:06 -------
Created an attachment (id=568)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=568&action=view)
referenced patch

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired [ In reply to ]

bugzilla-daemon at mindrot

Mar 8, 2004, 4:06 AM

Post #4 of 4 (270 views)

Permalink

http://bugzilla.mindrot.org/show_bug.cgi?id=808

dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED

------- Additional Comments From dtucker@zip.com.au 2004-03-08 23:06 -------
A fix for this (id #596) has been committed, tomorrow's snapshot will have it.
Please test it and re-open this bug if there are any problems with it.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.