https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235647
Bug ID: 235647
Summary: pam_verror may cause segmentation fault
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: misc
Assignee: b...@freebsd.org
Reporter: hoomanfaza...@gmail.com

The pam_verror may cause segmentation fault. Consider the following scenario:

1. A service module (for instance, pam_unix) calls PAM_VERBOSE_ERROR. That macro expands to _pam_verbose_error call.

2. _pam_verbose_error calls pam_verror if the PAM_SILENT flag is not set on the PAM handle and no_warn option is not set for the service module.

3. pam_verror allocates 'char *rsp' on stack w/o initializing it to NULL, (a dangling pointer), and makes pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap) call.

4. Now if the PAM conversation is NULL, pam_vprompt soon returns w/ PAM_SYSTEM_ERR and __does not__ set *rsp.

5. pam_verror then does FREE(rsp) and if rsp happens to be anything other than NULL, a segmentation fault happens.
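The pattern in steps 3 to 5, modelled as an added C example; it is not code from the report or from the FreeBSD PAM sources. All demo_* names, the DEMO_* constants and the poison sentinel are assumptions made for illustration. It shows that the failing callee leaves the caller's pointer unchanged, and two ways to make the later free() safe.

```c
#include <stdint.h>
#include <stdlib.h>

/* Stand-ins for PAM_SUCCESS / PAM_SYSTEM_ERR; values are illustrative. */
enum { DEMO_SUCCESS = 0, DEMO_SYSTEM_ERR = 1 };
typedef char *(*demo_conv_fn)(const char *msg); /* hypothetical callback */
/* Constructed sentinel for the garbage an uninitialised stack slot may
 * hold. It is only compared here, never dereferenced or freed. */
#define DEMO_POISON ((char *)(uintptr_t)0x41414141u)

/* Callee as in step 4: no conversation, early error, *resp untouched. */
static int demo_prompt(demo_conv_fn conv, char **resp, const char *msg)
{
    if (conv == NULL)
        return DEMO_SYSTEM_ERR;
    *resp = conv(msg);
    return *resp != NULL ? DEMO_SUCCESS : DEMO_SYSTEM_ERR;
}

/* Callee-side hardening: the out-parameter is defined on every path. */
static int demo_prompt_hardened(demo_conv_fn conv, char **resp, const char *msg)
{
    *resp = NULL;
    return demo_prompt(conv, resp, msg);
}

/* Caller-side fix for step 3: initialise the pointer, so the unconditional
 * free() of step 5 receives NULL on the error path (a defined no-op). */
static int demo_error_fixed(demo_conv_fn conv, const char *msg)
{
    char *rsp = NULL;
    int r = demo_prompt(conv, &rsp, msg);
    free(rsp);
    return r;
}

/* Pointer value a caller would hand to free() after a failed prompt. */
static char *demo_ptr_after_failure(int hardened)
{
    char *rsp = DEMO_POISON;
    (hardened ? demo_prompt_hardened : demo_prompt)(NULL, &rsp, "error");
    return rsp;
}

int main(void)
{
    return demo_ptr_after_failure(0) == DEMO_POISON &&
           demo_ptr_after_failure(1) == NULL &&
           demo_error_fixed(NULL, "error") == DEMO_SYSTEM_ERR ? 0 : 1;
}
```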