Bug 590269

Summary: Update to 3.12.4-17 breaks pam
Product: [Fedora] Fedora Reporter: Felipe Contreras <felipe.contreras>
Component: nss-softoknAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: low    
Version: 12CC: emaldona, kengert, rrelyea
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-08 13:39:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Felipe Contreras 2010-05-08 13:26:45 UTC 
After updating nss-softokn{,-freebl} to 3.12.4-17 I'm not able to login to my system any more.

Reverting back to 3.12.4-15 fixes the problem.

Right after upgrade if I try to login (the password is correct):

% su felipec
Password: 
su: incorrect password

If I try to change my password:

% passwd
Changing password for user felipec.
Changing password for felipec.
(current) UNIX password: 
passwd: Authentication token manipulation error

If I remove the password for my user in /etc/shadow:

% passwd
Changing password for user felipec.
New password: 
Retype new password: 
zsh: segmentation fault  passwd

This is the backtrace:
#0  strncmp (s1=0xb7616c29 "6$", s2=0x0, n=3) at strncmp.c:66
#1  0xb76137ed in create_password_hash (pamh=<value optimized out>, password=<value optimized out>, ctrl=<value optimized out>, 
    rounds=<value optimized out>) at passverify.c:427
#2  0xb760fd1b in pam_sm_chauthtok (pamh=<value optimized out>, flags=<value optimized out>, argc=<value optimized out>, 
    argv=<value optimized out>) at pam_unix_passwd.c:754
#3  0x4d6cc36f in _pam_dispatch_aux (pamh=<value optimized out>, flags=<value optimized out>, choice=<value optimized out>)
    at pam_dispatch.c:110
#4  _pam_dispatch (pamh=<value optimized out>, flags=<value optimized out>, choice=<value optimized out>) at pam_dispatch.c:407
#5  0x4d6d0523 in pam_chauthtok (pamh=<value optimized out>, flags=<value optimized out>) at pam_password.c:48
#6  0x0804a035 in ?? ()
#7  0x4c58dbb6 in __libc_start_main (main=0x8049780, argc=1, ubp_av=0xbfec1bb4, init=0x804c170, fini=0x804c160, rtld_fini=
    0x4c563d10 <_dl_fini>, stack_end=0xbfec1bac) at libc-start.c:226
#8  0x08049641 in ?? ()

s2(sp) is null because crypt returns NULL here (the password is correct):
sp = crypt(password, salt);

And this is part of an strace that points to bug #504949:
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 5
read(5, "\356G&\256.\215\275(", 8)      = 8
close(5)                                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=104092, ...}) = 0
mmap2(NULL, 104092, PROT_READ, MAP_PRIVATE, 5, 0) = 0xb75e1000
close(5)                                = 0
open("/lib/libnspr4.so", O_RDONLY)      = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 h\312M4\0\0\0"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=244572, ...}) = 0
close(5)                                = 0
munmap(0xb75e1000, 104092)              = 0
open("/proc/sys/crypto/fips_enabled", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libfreebl3.chk", O_RDONLY)   = 5
read(5, "\361\305\1\2\0\0\0\f\0\0\0\1", 12) = 12
lseek(5, 12, SEEK_SET)                  = 12
read(5, "\0\0\0\201", 4)                = 4
read(5, "\0\227D\35\314\r9\r\215\313u\334$%o\1\222\241\21\7kp\254s\327\202(\337\253\202\fA"..., 129) = 129
read(5, "\0\0\0\25", 4)                 = 4
read(5, "\0\330\26#4\212\236:\365\331\20\0235\252\363\363T\v1$\361", 21) = 21
read(5, "\0\0\0\200", 4)                = 4
read(5, "\3:\255\372:\f\352\nNC2\222\273\207\361\21\300\25598V\32\333#f\261\10\332\266\31QB"..., 128) = 128
read(5, "\0\0\0\200", 4)                = 4
read(5, "ZjJs\215\316\361\33\231?\26\362z7{\313q\23&p\203\262\330\5N\327\222\270V\226\20\334"..., 128) = 128
read(5, "\0\0\0(", 4)                   = 4
read(5, "YZ\2313\220\323\10\200\373\225L\231iC\t\256\257\243'\231\0d\ro\6\306]\262\245@\322\241"..., 40) = 40
close(5)                                = 0
stat64("/usr/sbin/prelink", {st_mode=S_IFREG|0755, st_size=1175812, ...}) = 0
pipe([5, 6])                            = 0
vfork()                                 = 10033
close(6)                                = 0
read(5, "", 512)                        = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
close(5)                                = 0
waitpid(10033, NULL, 0)                 = 10033
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Comment 1 Felipe Contreras 2010-05-08 13:39:09 UTC 

*** This bug has been marked as a duplicate of bug 590199 ***