Red Hat Bugzilla – Bug 73346
pam_wheel segmentation faults when getlogin() fails
Last modified: 2015-01-07 19:00:08 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020724
Description of problem:
If pam_wheel is used without the use_uid argument, and if it is used in an
environment where getlogin() fails (and thus returns null), the process gets an
Version-Release number of selected component (if applicable): 0.75-40
Steps to Reproduce:
1.Enter a line like this in /etc/pam.d/su. (Note, no use_uid!)
auth required /lib/security/pam_wheel.so
2.Run "xterm -ut"
3.In this xterm, do "su" from one ordinary user to another.
Actual Results: Segmentation violation
Expected Results: I guess pam_wheel should deny access in this case, but it
should do so in an orderly way.
The reason is that the return value from getlogin() is used directly in a call
to _pam_getpwnam_r() without checking it first. Afterwards the returned value
is checked, but that is too late. The attached patch suggests a trivial solution.
Created attachment 74644 [details]
Patch to avoid this segmentation violation.