Bug 146224 - When an application that links against libcrypto fails a pam_krb5 authentication the application will enter an endless loop in error_message() from <et/com_err.h>
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pam_krb5
Version: 3
Hardware: i386
OS: Linux
Priority: medium
Severity: high
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
Reported: 2005-01-26 02:28 UTC by Robert Theisen
Modified: 2008-02-05 06:00 UTC
Doc Type: Bug Fix
Last Closed: 2008-02-05 06:00:13 UTC


Attachments
source file for sample application (2.14 KB, text/plain)
2005-01-26 02:32 UTC, Robert Theisen

Description Robert Theisen 2005-01-26 02:28:37 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041001
Firefox/0.10.1

Description of problem:

When an application is linked against libcrypto and uses pam for
authentication, the application will slip into an endless loop after a
failed authentication attempt against kerberos if there has been a
previous authentication (successful or unsuccessful).

So the first authentication attempt will not cause the loop, and any
subsequent successful attempts will not cause the loop, but as soon as
an attempt (as long as it is not the first attempt) fails, the
application will slip into an endless loop at error_message() provided
by libcom_err (from e2fsprogs).

sample program.

-------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <security/pam_appl.h>

/* PAM conversation callback: answers every echo-on/echo-off prompt with
 * the password passed in through appdata_ptr. */
static int _ar_pam_conversation(int nmsg, const struct pam_message **msg,
                                struct pam_response **res, void *arg) {
    int i;
    struct pam_response *reply;

    if(nmsg <= 0)
        return PAM_CONV_ERR;

    reply = (struct pam_response *) malloc( sizeof( struct pam_response ) * ( nmsg + 1 ) );
    if(reply == NULL)
        return PAM_BUF_ERR;
    /* zero the whole allocation, including the spare entry */
    memset(reply, 0, sizeof(struct pam_response) * ( nmsg + 1 ));

    for(i = 0; i < nmsg; i++) {
        if(msg[i]->msg_style == PAM_PROMPT_ECHO_OFF ||
           msg[i]->msg_style == PAM_PROMPT_ECHO_ON) {
            reply[i].resp = strdup((char *) arg);
            reply[i].resp_retcode = 0;
        }
    }

    *res = reply;

    return PAM_SUCCESS;
}


int main(int argc, char **argv)
{

        struct pam_conv conv;
        pam_handle_t *pam;
        char * password;
        char * username;
        int ret;
        char buffer[1024];

        /* Each pass runs a full pam_start / pam_authenticate / pam_end
         * cycle in the same process. */
        while (1) {
                printf("Enter username: ");
                /* stop on EOF instead of reusing stale buffer contents */
                if (fgets(buffer, 1024, stdin) == NULL)
                        return 0;
                /* strip the trailing newline, if there is one */
                buffer[strcspn(buffer, "\n")] = 0;
                username = malloc(strlen(buffer)+1);
                if ( username ) {
                        strcpy(username, buffer);
                } else {
                        return 1;
                }

                memset(buffer, 0, 1024);

                printf("Enter password: ");
                if (fgets(buffer, 1024, stdin) == NULL) {
                        free(username);
                        return 0;
                }
                buffer[strcspn(buffer, "\n")] = 0;
                password = malloc(strlen(buffer)+1);
                /* check the allocation that was just made */
                if ( password ) {
                        strcpy(password, buffer);
                } else {
                        free(username);
                        return 1;
                }

                memset(buffer, 0, 1024);

                conv.conv = _ar_pam_conversation;
                conv.appdata_ptr = password;

                ret = pam_start("pamtest", username, &conv, &pam);

                if(ret != PAM_SUCCESS) {
                        printf("There was a problem in pam_start()\n");
                        free(username);
                        free(password);
                        return 1;
                }

                ret = pam_authenticate(pam, 0);


                if(ret != PAM_SUCCESS) {
                        printf("Pam authentication failed\n");
                }

                if(ret == PAM_SUCCESS) {
                        printf("Pam authentication succeeded\n");
                }

                pam_end(pam, ret);

                free(username);
                free(password);

        }
        return 0;
}
----------------------------------------------------------

if the above program is compiled with the command

gcc -lpam -o outfile source.c

and then outfile is executed then everything will work fine for
repeated authentication attempts.

if however it is compiled with the command

gcc -lpam -lcrypto -o outfile source.c

then the observed bug will show up.

This behaviour has been replicated in RHEL 4 test2.

Version-Release number of selected component (if applicable):
pam_krb5-2.1.2-1

How reproducible:
Always

Steps to Reproduce:
1. Link application against libcrypto
2. attempt to login first time (successfully or not)
3. attempt to login a second time during the same app run (but after a
pam_end ... pam_start)
4. only happens when kerberos authentication occurs
    

Actual Results:  endless loop

Expected Results:  should have timed out and failed gracefully with
the appropriate error message.

Additional info:

Reproducible in RHEL 4 test2!!!

Comment 1 Robert Theisen 2005-01-26 02:32:40 UTC
Created attachment 110237
source file for sample application

Comment 2 Matthew Miller 2006-07-10 20:50:20 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!


Comment 3 petrosyan 2008-02-05 06:00:13 UTC
Fedora Core 3 is not maintained anymore.

Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release please reopen this bug.

