Bug 467208 - SIGSEGV on CTRL+D
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam_krb5
Version: 5.2
Hardware: All Linux
Priority: medium, Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Nalin Dahyabhai
QA Contact: BaseOS QE

Reported: 2008-10-16 07:53 EDT by Karel Zak
Modified: 2009-01-20 16:19 EST
Fixed In Version: 2.2.14-10
Doc Type: Bug Fix
Last Closed: 2009-01-20 16:19:46 EST


Attachments:
proposed patch (2.27 KB, patch)
2008-10-27 11:33 EDT, Nalin Dahyabhai

Description Karel Zak 2008-10-16 07:53:43 EDT
login(1) strace (executed by telnetd):

Program received signal SIGSEGV, Segmentation fault.
0x00000030ec877bc0 in strchr () from /lib64/libc.so.6
(gdb) bt
#0  0x00000030ec877bc0 in strchr () from /lib64/libc.so.6
#1  0x00002abe68b19212 in misc_conv () from /lib64/security/pam_krb5.so
#2  0x00002abe68b19665 in pam_sm_authenticate () from /lib64/security/pam_krb5.so
#3  0x00000030efc02dc7 in _pam_dispatch () from /lib64/libpam.so.0
#4  0x00000030efc026d2 in pam_authenticate () from /lib64/libpam.so.0
#5  0x0000000000403231 in main (argc=<value optimized out>, argv=<value optimized out>) at login.c:589


pam.d/system-auth:

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        required      pam_deny.so

reproduce by:

1. enable telnetd (/etc/xinetd.d/telnet), 
2. telnet localhost
3. ps aux | grep telnet on a different console, and strace/gdb <pid>
4. (at telnet session) press CTRL+D 3 or 4 times, 
    until you terminate the login session
Comment 1 Tomas Mraz 2008-10-16 09:51:02 EDT
Better backtrace with correct pam_krb5-debuginfo points at pam_krb5 as the culprit:

Program received signal SIGSEGV, Segmentation fault.
0x00000030ec877bc0 in strchr () from /lib64/libc.so.6
(gdb) bt
#0  0x00000030ec877bc0 in strchr () from /lib64/libc.so.6
#1  0x00002b205170d212 in _pam_krb5_user_info_init (ctx=0x7bbba30, name=0x0, 
    realm=0x8612b80 "REDHAT.COM", check_user=1, num_mappings=0, mappings=0x0)
    at userinfo.c:187
#2  0x00002b205170d665 in pam_sm_authenticate (pamh=0x7bad130, flags=0, 
    argc=1, argv=0x7bb19d0) at auth.c:117
#3  0x00000030efc02dc7 in _pam_dispatch (pamh=0x7bad130, flags=0, choice=1)
    at pam_dispatch.c:83
#4  0x00000030efc026d2 in pam_authenticate (pamh=0x7bad130, flags=0)
    at pam_auth.c:34
#5  0x00000000004031a3 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at login.c:585
#6  0x00000030ec81d8b4 in __libc_start_main (main=0x402a90 <main>, argc=4, 
    ubp_av=0x7fff5a07bec8, init=<value optimized out>, 
    fini=<value optimized out>, rtld_fini=<value optimized out>, 
    stack_end=0x7fff5a07beb8) at libc-start.c:231
#7  0x00000000004024d9 in _start ()

rpm -q pam_krb5
pam_krb5-2.2.14-1.el5_2.1.x86_64
Comment 2 Nalin Dahyabhai 2008-10-16 14:13:55 EDT
It looks like pam_get_user() returned NULL for the user name (from misc_conv, I guess) with a successful result code.  Is it allowed to do that?
Comment 3 Tomas Mraz 2008-10-16 14:44:30 EDT
That's a tricky question. I'd say that this is unspecified, and that means that third-party (non-Linux-PAM) modules should rather be able to handle a NULL user name even when pam_get_user returns success. On the other hand, the current pam library in Fedora always returns an error in case the conversation returned NULL data, and that differs from the RHEL-5 version of PAM and older.
Comment 4 Nalin Dahyabhai 2008-10-16 17:32:44 EDT
I really doubt that this expectation is specific to pam_krb5, but we can certainly make the change there to get around it.
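
The guard discussed in comments 2 to 4, as an added example; it is not the attached patch and not pam_krb5's own code. All `ex_`/`EX_` names are hypothetical, `ex_get_user()` is a constructed stand-in for a pam_get_user() that reports success with a NULL name, and the '@' split is an assumption about why the name reaches strchr().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes and user record for this example only. */
enum { EX_SUCCESS = 0, EX_USER_UNKNOWN = 1 };
struct ex_userinfo { size_t local_len; const char *realm; };

/* Stand-in for pam_get_user() as described in the thread: it reports
 * success and hands back whatever the conversation gave, NULL on EOF. */
static int ex_get_user(const char *conv_reply, const char **user)
{
    *user = conv_reply;
    return EX_SUCCESS;
}

/* Validate the name before any string function sees it. */
static int ex_user_info_init(const char *name, const char *default_realm,
                             struct ex_userinfo *out)
{
    const char *at;

    if (name == NULL || name[0] == '\0')   /* guard missing in the crash */
        return EX_USER_UNKNOWN;
    at = strchr(name, '@');                /* safe: name is non-NULL here */
    out->local_len = at ? (size_t)(at - name) : strlen(name);
    out->realm = (at && at[1] != '\0') ? at + 1 : default_realm;
    return out->local_len ? EX_SUCCESS : EX_USER_UNKNOWN;
}

/* A success code alone does not prove the name is usable. */
int ex_authenticate(const char *conv_reply, const char *default_realm,
                    struct ex_userinfo *out)
{
    const char *user = NULL;
    int rc = ex_get_user(conv_reply, &user);

    if (rc != EX_SUCCESS)
        return rc;
    return ex_user_info_init(user, default_realm, out);
}

int main(void)
{
    struct ex_userinfo ui = {0, NULL};
    printf("EOF reply   -> %d\n", ex_authenticate(NULL, "REDHAT.COM", &ui));
    printf("alice reply -> %d\n", ex_authenticate("alice", "REDHAT.COM", &ui));
    return 0;
}
```

Returning a failure code for a NULL or empty name lets the PAM stack continue to the next module instead of crashing login.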
Comment 5 Nalin Dahyabhai 2008-10-27 11:33:02 EDT
Created attachment 321620 [details]
proposed patch
Comment 6 Zbysek MRAZ 2008-11-03 13:12:12 EST
Setting QA_ack

Better QA steps to reproduce.
1, enable krb5 authentication in the system
2, enable telnet
3, login with telnet not using root ID and hitting Ctrl+D for the password
4, trace the 'login' process PID where telnetd is its parent
5, Keep hitting Ctrl+D on client until it terminates
Comment 12 errata-xmlrpc 2009-01-20 16:19:46 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0135.html
