[Touch-packages] [Bug 1899103] Re: libpam-cap causes PAM applications to crash

Thu, 08 Oct 2020 16:21:13 -0700 

Confirmed the issue

** Changed in: libcap2 (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1899103

Title:
  libpam-cap causes PAM applications to crash

Status in libcap2 package in Ubuntu:
  Confirmed

Bug description:
  Install ocserv and setup for PAM authentication. On second connection,
  ocserv crashes due to a double free in PAM.

  Repro steps:
  1. Create Dockerfile that installs ocserv + libpam-cap
  ```
  FROM ubuntu:20.04

  RUN apt update && apt install -y ocserv libpam-cap && apt autoremove
  && apt clean

  COPY server-cert.pem /etc/ssl/ocserv_test.cert
  COPY server-key.pem /etc/ssl/ocserv_test.key
  COPY ca-cert.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
  COPY ocserv.conf /etc/ocserv/ocserv.conf

  RUN useradd test
  RUN echo "test\ntest" | passwd test

  ENV MALLOC_CHECK_=3
  CMD ocserv -f -d 1
  ```

  2. Build container:
  ```
  sudo docker build -t ocserv:20.04 .
  ```

  3. Launch container:
  ```
  docker run -p 443:443/tcp -p 443:443/udp -it --rm --device /dev/net/tun 
--cap-add net_admin ocserv:20.04
  ```

  4. From another console, connect / disconnect:
  ```
  while true; do echo test | openconnect https://localhost -u test 
--passwd-on-stdin --servercert 
pin-sha256:qBLVTyoXiFdn+0pW+eSGqnVCEnMbLigVf5vAl1ZewW4= --background && sleep 2 
&& pkill openconnect && sleep 2;done
  ```

  5. ocserv crashes:
  free(): invalid pointer
  ocserv[8]: main: main-sec-mod-cmd.c:106: command socket for sec-mod closed
  ocserv[8]: main: main.c:1179: error in command from sec-mod
  ocserv[8]: main: termination request received; waiting for children to die

  For more details see:
  https://gitlab.com/openconnect/ocserv/-/issues/361

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1899103/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to