| Summary: | pam_lastlog may pass a NULL pointer to localtime_r | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Paulo Andrade <pandrade> | |
| Component: | pam | Assignee: | Tomas Mraz <tmraz> | |
| Status: | CLOSED ERRATA | QA Contact: | Dalibor Pospíšil <dapospis> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 7.2 | CC: | dapospis, pkis, tmraz | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | s390x | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | pam-1.1.8-14.el7 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1341167 (view as bug list) | Environment: | ||
| Last Closed: | 2016-11-04 03:32:13 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2314.html |
This problem is very difficult to reproduce. It did happen all the time with the command: $ su - The analysis of the code path shows: if (!(announce & LASTLOG_QUIET)) { if (last_login.ll_time) { /* we want the date? */ if (announce & LASTLOG_DATE) { struct tm *tm, tm_buf; time_t ll_time; ll_time = last_login.ll_time; tm = localtime_r (&ll_time, &tm_buf); strftime (the_time, sizeof (the_time), /* TRANSLATORS: "strftime options for date of last login" */ _(" %a %b %e %H:%M:%S %Z %Y"), tm); The localtime_r call returns NULL, then it pass NULL to strftime, and crashes. It should check the return value of localtime_r before calling strftime. The user was told to execute: # sed -e 's/\(pam_lastlog.so.*\)/\1 nodate/g' -i /etc/pam.d/postlogin that fixed the problem, but more interestingly, after reverting the sed script change, it continued to work, so, the problem appears to have been a corrupted last_login.ll_time, that may have been a corrupted /var/log/lastlog