Bug 1120104 - pam segfaults on unexpected /etc/security/opasswd contents
Summary: pam segfaults on unexpected /etc/security/opasswd contents
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pam
Version: 20
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-07-16 09:37 UTC by Filip Krska
Modified: 2014-12-18 06:07 UTC (History)

Fixed In Version: pam-1.1.8-2.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of: 1120099
Environment:
Last Closed: 2014-12-18 06:07:44 UTC


Description Filip Krska 2014-07-16 09:37:58 UTC
reproduces with pam-1.1.8-1.fc20.x86_64 as well

+++ This bug was initially created as a clone of Bug #1120099 +++

Description of problem:

pam segfaults when a user wants to reset his password and a line beginning with his username exists in /etc/security/opasswd; however, the record doesn't follow the expected structure (e.g. after accidentally overwriting the contents of /etc/security/opasswd with the contents of /etc/passwd)

Version-Release number of selected component (if applicable):

pam-1.1.1-17.el6_5.x86_64

How reproducible:

Always

Steps to Reproduce:
1. add remember=3 to /etc/pam.d/system-auth-ac:
# diff /etc/pam.d/system-auth-ac /etc/pam.d/system-auth-ac.bak.2014.07.14
16c16
< password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=3
---
> password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

2. # useradd test
3. # passwd test
4. mangle /etc/security/opasswd, e.g.
# cat /etc/security/opasswd
test

or

# cat /etc/security/opasswd
test:x:501:501::/home/test:/bin/bash
5. # su - test
6. $ passwd

Actual results:

Changing password for user test.
Changing password for test.
(current) UNIX password: 
New password: 
Retype new password: 
Segmentation fault

Expected results:

Changing password for user gpedr00.
Changing password for gpedr00.
(current) UNIX password: 
New password: 
Retype new password: 
passwd: Authentication token manipulation error

Additional info:

Patch attached; I didn't manage to reproduce the segfault with the patch (which doesn't necessarily mean it's bulletproof or elegant). Throwing a more descriptive error message than just the general "passwd: Authentication token manipulation error" would also be fine, not only in this case.
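
A defensive parse of one opasswd record that rejects both mangled lines from the reproduction steps instead of dereferencing a missing field. This is an added example, not the patch attached to this bug and not pam's own code. It assumes the record layout user:uid:count:hash1,hash2,...; the function name parse_opasswd_line is hypothetical and the valid sample line is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed record layout: user:uid:count:hash1,hash2,...
 * Returns the validated entry count and points *hashes at the hash list,
 * or returns -1 for any malformed record. Modifies line in place. */
long parse_opasswd_line(char *line, const char *user, char **hashes)
{
    char *save = NULL, *end = NULL, *f[4];
    long count, seen = 1;

    line[strcspn(line, "\n")] = '\0';
    for (int i = 0; i < 4; i++) {
        f[i] = strtok_r(i ? NULL : line, ":", &save);
        if (f[i] == NULL)               /* short line: never dereference */
            return -1;
    }
    if (strtok_r(NULL, ":", &save) != NULL) /* extra fields: a passwd line */
        return -1;
    if (strcmp(f[0], user) != 0)        /* exact match, not a prefix match */
        return -1;
    if (f[1][strspn(f[1], "0123456789")] != '\0')   /* uid must be numeric */
        return -1;
    count = strtol(f[2], &end, 10);
    if (end == f[2] || *end != '\0' || count < 1)
        return -1;

    /* The stored count must agree with the entries actually present,
     * so later code can never walk past the end of the hash list. */
    for (const char *p = f[3]; (p = strchr(p, ',')) != NULL; p++)
        seen++;
    if (seen != count)
        return -1;
    *hashes = f[3];
    return count;
}

int main(void)
{
    char bad[] = "test:x:501:501::/home/test:/bin/bash\n"; /* from the report */
    char ok[] = "test:501:2:$6$constructedA,$6$constructedB\n"; /* constructed */
    char *h = NULL;
    printf("%ld %ld\n", parse_opasswd_line(bad, "test", &h),
           parse_opasswd_line(ok, "test", &h));
    return 0;
}
```

A caller that gets -1 can fail the password change with an error, which matches the expected result in the report, rather than crashing.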

Comment 1 Fedora Update System 2014-12-05 10:28:07 UTC
pam-1.1.8-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/pam-1.1.8-2.fc20

Comment 2 Fedora Update System 2014-12-05 10:28:19 UTC
pam-1.1.6-13.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/pam-1.1.6-13.fc19

Comment 3 Fedora Update System 2014-12-06 02:29:37 UTC
Package pam-1.1.8-2.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pam-1.1.8-2.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-16350/pam-1.1.8-2.fc20
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2014-12-18 06:07:44 UTC
pam-1.1.8-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

