Bug 836556

Summary: passwd segfaults if crypt() returns null
Product: [Fedora] Fedora Reporter: Milan Broz <mbroz>
Component: passwdAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: pvrabec, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-11 23:58:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Milan Broz 2012-06-29 13:35:19 UTC
Description of problem:
crypt() call can return NULL, if this happens, passwd fails.

Seen in fips mode (with buggy nss) but it can happen in other situations (ENOMEM).

Version-Release number of selected component (if applicable):
# rpm -q passwd pam

How reproducible:
Run with nss-3.13.4-3.fc17.x86_64 in fips mode and just change password

# passwd milan
Changing password for user milan.
New password: 
Retype new password: 
Segmentation fault (core dumped)

Core was generated by `passwd milan'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f385a85daa0 in __strncmp_sse42 () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install audit-libs-2.2.1-1.fc17.x86_64 cracklib-2.8.18-3.fc17.x86_64 glib2-2.32.3-1.fc17.x86_64 glibc-2.15-37.fc17.x86_64 libffi-3.0.10-2.fc17.x86_64 libpwquality-1.1.1-1.fc17.x86_64 libselinux-2.1.10-3.fc17.x86_64 libuser-0.57.6-1.fc17.x86_64 nss-softokn-freebl-3.13.4-2.fc17.x86_64 popt-1.13-10.fc17.x86_64
(gdb) bt
#0  0x00007f385a85daa0 in __strncmp_sse42 () from /lib64/libc.so.6
#1  0x00007f3853670861 in create_password_hash (pamh=pamh@entry=0x7f385d7a3a60, password=0x7f385d7ac5e0 "m", ctrl=ctrl@entry=8395044, rounds=<optimized out>) at passverify.c:427
#2  0x00007f385366dc03 in pam_sm_chauthtok (pamh=0x7f385d7a3a60, flags=<optimized out>, argc=<optimized out>, argv=<optimized out>) at pam_unix_passwd.c:798
#3  0x00007f385b5490c4 in _pam_dispatch_aux (use_cached_chain=<optimized out>, resumed=<optimized out>, h=0x7f385d7a96d0, flags=8192, pamh=0x7f385d7a3a60) at pam_dispatch.c:110
#4  _pam_dispatch (pamh=pamh@entry=0x7f385d7a3a60, flags=flags@entry=8192, choice=choice@entry=6) at pam_dispatch.c:407
#5  0x00007f385b54d3b2 in pam_chauthtok (pamh=0x7f385d7a3a60, flags=0) at pam_password.c:46
#6  0x00007f385c94be5e in main (argc=<optimized out>, argv=<optimized out>) at passwd.c:532
(gdb) frame 1
#1  0x00007f3853670861 in create_password_hash (pamh=pamh@entry=0x7f385d7a3a60, password=0x7f385d7ac5e0 "m", ctrl=ctrl@entry=8395044, rounds=<optimized out>) at passverify.c:427
427             if (strncmp(algoid, sp, strlen(algoid)) != 0) {
(gdb) list
422                      * attacks well enough. */
423     #ifdef HAVE_CRYPT_GENSALT_R
424             }
425     #endif
426             sp = crypt(password, salt);
427             if (strncmp(algoid, sp, strlen(algoid)) != 0) {
428                     /* libxcrypt/libc doesn't know the algorithm, use MD5 */
429                     pam_syslog(pamh, LOG_ERR,
430                                "Algo %s not supported by the crypto backend, "
431                                "falling back to MD5\n",
(gdb) p sp
$1 = 0x0

(Well, perhaps pam bug...)

Comment 1 Fedora Update System 2012-06-29 19:49:04 UTC
pam-1.1.5-7.fc17 has been submitted as an update for Fedora 17.

Comment 2 Fedora Update System 2012-06-30 22:03:00 UTC
Package pam-1.1.5-7.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pam-1.1.5-7.fc17'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 3 Fedora Update System 2012-07-11 23:58:46 UTC
pam-1.1.5-7.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.