Bug 467208 - SIGSEGV on CTRL+D
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam_krb5
All Linux
medium Severity medium
Assigned To: Nalin Dahyabhai
Reported: 2008-10-16 07:53 EDT by Karel Zak
Modified: 2009-01-20 16:19 EST
Fixed In Version: 2.2.14-10
Doc Type: Bug Fix
Last Closed: 2009-01-20 16:19:46 EST

Attachments
proposed patch (2.27 KB, patch)
2008-10-27 11:33 EDT, Nalin Dahyabhai

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:0135 normal SHIPPED_LIVE pam_krb5 bug fix update 2009-01-20 11:04:59 EST

Description Karel Zak 2008-10-16 07:53:43 EDT
login(1) strace (executed by telnetd):

Program received signal SIGSEGV, Segmentation fault.
0x00000030ec877bc0 in strchr () from /lib64/libc.so.6
(gdb) bt
#0  0x00000030ec877bc0 in strchr () from /lib64/libc.so.6
#1  0x00002abe68b19212 in misc_conv () from /lib64/security/pam_krb5.so
#2  0x00002abe68b19665 in pam_sm_authenticate () from /lib64/security/pam_krb5.so
#3  0x00000030efc02dc7 in _pam_dispatch () from /lib64/libpam.so.0
#4  0x00000030efc026d2 in pam_authenticate () from /lib64/libpam.so.0
#5  0x0000000000403231 in main (argc=<value optimized out>, argv=<value optimized out>) at login.c:589


auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        required      pam_deny.so

reproduce by:

1. enable telnetd (/etc/xinetd.d/telnet), 
2. telnet localhost
3. ps aux | grep telnet on a different console, and strace/gdb <pid>
4. (at telnet session) press CTRL+D 3 or 4 times, 
    until you terminate the login session
Comment 1 Tomas Mraz 2008-10-16 09:51:02 EDT
Better backtrace with correct pam_krb5-debuginfo points at pam_krb5 as the culprit:

Program received signal SIGSEGV, Segmentation fault.
0x00000030ec877bc0 in strchr () from /lib64/libc.so.6
(gdb) bt
#0  0x00000030ec877bc0 in strchr () from /lib64/libc.so.6
#1  0x00002b205170d212 in _pam_krb5_user_info_init (ctx=0x7bbba30, name=0x0, 
    realm=0x8612b80 "REDHAT.COM", check_user=1, num_mappings=0, mappings=0x0)
    at userinfo.c:187
#2  0x00002b205170d665 in pam_sm_authenticate (pamh=0x7bad130, flags=0, 
    argc=1, argv=0x7bb19d0) at auth.c:117
#3  0x00000030efc02dc7 in _pam_dispatch (pamh=0x7bad130, flags=0, choice=1)
    at pam_dispatch.c:83
#4  0x00000030efc026d2 in pam_authenticate (pamh=0x7bad130, flags=0)
    at pam_auth.c:34
#5  0x00000000004031a3 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at login.c:585
#6  0x00000030ec81d8b4 in __libc_start_main (main=0x402a90 <main>, argc=4, 
    ubp_av=0x7fff5a07bec8, init=<value optimized out>, 
    fini=<value optimized out>, rtld_fini=<value optimized out>, 
    stack_end=0x7fff5a07beb8) at libc-start.c:231
#7  0x00000000004024d9 in _start ()

rpm -q pam_krb5
Comment 2 Nalin Dahyabhai 2008-10-16 14:13:55 EDT
It looks like pam_get_user() returned NULL for the user name (from misc_conv, I guess) with a successful result code.  Is it allowed to do that?
Comment 3 Tomas Mraz 2008-10-16 14:44:30 EDT
That's a tricky question. I'd say that this is unspecified, and that means that third-party (non Linux-PAM) modules should rather be able to handle a NULL user name even when pam_get_user returns success. On the other hand, the current pam library in Fedora always returns an error in case the conversation returned NULL data, and that differs from the RHEL-5 version of PAM and older.
Comment 4 Nalin Dahyabhai 2008-10-16 17:32:44 EDT
I really doubt that this expectation is specific to pam_krb5, but we can certainly make the change there to get around it.
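The defensive check discussed in comments 2 to 4, as an added example: this is not the attached patch and not pam_krb5 code. `fake_get_user`, `lookup_realm`, the `RC_*` codes and the sample inputs are hypothetical stand-ins, so that the sketch builds without libpam; it models a user-name lookup that reports success with a NULL name and a caller that rejects that before `strchr()` sees it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this sketch (not the Linux-PAM constants). */
enum { RC_SUCCESS = 0, RC_USER_UNKNOWN = 1 };

/* Stand-in for pam_get_user(): models the behaviour described in the thread,
 * where EOF (Ctrl+D) at the prompt yields a NULL name with a success code. */
static int fake_get_user(const char *typed, const char **user)
{
    *user = typed;              /* NULL when the conversation returned no data */
    return RC_SUCCESS;
}

/* Hardened caller: a NULL or empty name is treated as a failure before any
 * string function touches it (the backtrace shows strchr() with name=0x0). */
int lookup_realm(const char *typed, const char *default_realm,
                 char *out, size_t outlen)
{
    const char *user = NULL;
    const char *at;
    int rc = fake_get_user(typed, &user);

    if (rc != RC_SUCCESS)
        return rc;
    if (user == NULL || *user == '\0')
        return RC_USER_UNKNOWN; /* fail closed instead of dereferencing */

    /* Safe now: pick the realm after '@', else fall back to the default. */
    at = strchr(user, '@');
    snprintf(out, outlen, "%s",
             (at != NULL && at[1] != '\0') ? at + 1 : default_realm);
    return RC_SUCCESS;
}

int main(void)
{
    char realm[64];
    /* Constructed inputs; the last two model Ctrl+D / empty input. */
    const char *inputs[] = { "alice", "bob@EXAMPLE.ORG", "", NULL };

    for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        int rc = lookup_realm(inputs[i], "EXAMPLE.COM", realm, sizeof(realm));
        printf("%-18s -> rc=%d %s\n", inputs[i] ? inputs[i] : "(NULL)", rc,
               rc == RC_SUCCESS ? realm : "(rejected)");
    }
    return 0;
}
```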
Comment 5 Nalin Dahyabhai 2008-10-27 11:33:02 EDT
Created attachment 321620
proposed patch
Comment 6 Zbysek MRAZ 2008-11-03 13:12:12 EST
Setting QA_ack

Better QA steps to reproduce.
1, enable krb5 authentication in the system
2, enable telnet
3, login with telnet not using root ID and hitting Ctrl+D for the password
4, trace the 'login' process PID where telnetd is its parent
5, Keep hitting Ctrl+D on client until it terminates
Comment 12 errata-xmlrpc 2009-01-20 16:19:46 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

