ports/115765: uucpd from net/freebsd-uucp traps with PAM and unknown user
Valentin Nechayev
netch at lucky.net
Thu Aug 23 19:20:02 UTC 2007
>Number: 115765
>Category: ports
>Synopsis: uucpd from net/freebsd-uucp traps with PAM and unknown user
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 23 19:20:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Valentin Nechayev
>Release: FreeBSD 6.2-RELEASE-p1 i386
>Organization:
Lucky Net Ltd.
>Environment:
System: FreeBSD 6.2-RELEASE-p1
Port version: freebsd-uucp-pam-1.07.2
>Description:
In port net/freebsd-uucp:
When compiled with PAM, uucpd shows the following bug: if user specified
in command line is unknown, getpwnam() returns NULL; then, auth_pam()
tries to extract pw->pw_name and gets SIGSEGV.
gdb'ing of core file shows:
#0 0x08049778 in auth_pam () at uucpd.c:354
354 cred_t auth_cred = { pw->pw_name, passwd };
(gdb) p pw
$1 = (struct passwd *) 0x0
This isn't kind of security problem but rather annoys.
>How-To-Repeat:
Compile and install the port, start uucpd from inetd or command line,
enter unknown user and arbitrary password.
>Fix:
Patch uucpd.c (I don't know whether to better patch by port system
or in repository) with the following patch.
I also added sleep(3) on bad login according to common practice.
--- uucpd.c.0 Thu Jan 8 20:28:23 2004
+++ uucpd.c Thu Aug 23 21:25:22 2007
@@ -173,6 +173,7 @@
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"LOGIN FAILURE FROM %s, %s", remotehost, name);
+ sleep(3);
fprintf(stderr, "Login incorrect.\n");
exit(1);
}
@@ -208,6 +209,8 @@
/* pw might get changed by auth_pam */
pw = getpwnam(user);
+ if (pw == NULL)
+ badlogin(user);
#ifdef USE_PAM
/*
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list