Hello. I use sql plugin with sqlite backend. Relevant config piece: pwcheck_method: auxprop auxprop_plugin: sql sql_engine: sqlite sql_database: my.db sql_select: SELECT pwd FROM users WHERE login = '%u' sql_verbose: yes
I got SEGFAULTs on user with unknown login authorisation attempts. I've found sql_auxprop_lookup() using 'value' and (most important) 'value_len' without previous initialization. Sqlite backend does not change value_len if nothing was read from db. So we get utils->prop_set() accessing random memory. If we are lucky, it's within allocated 8192 bytes of 'value', but it's garbage. If we are more lucky, we see SEGFAULTs and discover a bug. Proposed patch (see attachment) initializes 'value' and 'value_len' with zeroes. It works for me.
sql-plugin-fix-crash-on-unknown-user
Description: Binary data
