Bug 73346 - pam_wheel segmentation faults when getlogin() fails
pam_wheel segmentation faults when getlogin() fails
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jindrich Novy
Jay Turner
Depends On:
  Show dependency treegraph
Reported: 2002-09-03 06:08 EDT by Göran Uddeborg
Modified: 2015-01-07 19:00 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-21 04:36:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to avoid this segmentation violation. (465 bytes, patch)
2002-09-03 06:09 EDT, Göran Uddeborg
no flags Details | Diff

  None (edit)
Description Göran Uddeborg 2002-09-03 06:08:34 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020724

Description of problem:
If pam_wheel is used without the use_uid argument, and if it is used in an
environment where getlogin() fails (and thus returns null), the process gets an
segmentation fault.

Version-Release number of selected component (if applicable): 0.75-40

How reproducible:

Steps to Reproduce:
1.Enter a line like this in /etc/pam.d/su.  (Note, no use_uid!)
auth       required     /lib/security/pam_wheel.so
2.Run "xterm -ut"
3.In this xterm, do "su" from one ordinary user to another.

Actual Results:  Segmentation violation

Expected Results:  I guess pam_wheel should deny access in this case, but it
should do so in an orderly way.

Additional info:

The reason is that the return value from getlogin() is used directly in a call
to _pam_getpwnam_r() without checking it first.  Afterwards the returned value
is checked, but that is too late.  The attached patch suggests a trivial solution.
Comment 1 Göran Uddeborg 2002-09-03 06:09:35 EDT
Created attachment 74644 [details]
Patch to avoid this segmentation violation.

Note You need to log in before you can comment on or make changes to this bug.