1026203 – Missing crypt() NULL checks in pam modules

Bug 1026203 - Missing crypt() NULL checks in pam modules

Summary: Missing crypt() NULL checks in pam modules

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	pam
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Tomas Mraz
QA Contact:	Dalibor Pospíšil
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1009976 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-11-04 08:11 UTC by Qiao Zhao
Modified:	2018-12-09 17:15 UTC (History)
CC List:	5 users (show)
Fixed In Version:	pam-1.1.1-18.el6
Doc Type:	Bug Fix
Doc Text:	no doc text needed
Clone Of:
Environment:
Last Closed:	2014-10-14 08:09:57 UTC
Target Upstream Version:

Attachments	(Terms of Use)
core file (748.00 KB, application/x-core) 2013-11-04 08:11 UTC, Qiao Zhao	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:1579	0	normal	SHIPPED_LIVE	pam bug fix update	2014-10-14 01:27:19 UTC

Description Qiao Zhao 2013-11-04 08:11:16 UTC

Created attachment 818956 [details]
core file

Description of problem:
Occur Segmentation faule (core dumped) when I change passwd on my kvm guest

Version-Release number of selected component (if applicable):
kernel: 2.6.32-425.el6.x86_64
glibc: glibc-2.12-1.129.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Update kernel to 2.6.32-425.el6.x86_64
2. change root passwd # passwd
3.

Actual results:
[root@localhost ~]# passwd 
Changing password for user root.
New password: 
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password: 
Segmentation fault (core dumped)

# dmesg
passwd[11228]: segfault at 0 ip 00007eac0b5fe7c4 sp 00007fff842e76f8 error 4 in libc-2.12.so[7eac0b57c000+18a000]

Expected results:
No segmentation fault

Additional info:

Comment 13 Tomas Mraz 2014-06-19 13:22:09 UTC

*** Bug 1009976 has been marked as a duplicate of this bug. ***

Comment 16 errata-xmlrpc 2014-10-14 08:09:57 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1579.html

Note You need to log in before you can comment on or make changes to this bug.