ports/112983: XDMCP login from remote host crashs xdm in xorg 7.2

Takamichi Tateoka tate at tateoka.org
Fri May 25 09:00:11 UTC 2007

>Number:         112983
>Category:       ports
>Synopsis:       XDMCP login from remote host crashs xdm in xorg 7.2
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 25 09:00:09 GMT 2007
>Originator:     Takamichi Tateoka
>Release:        FreeBSD 6.2-RELEASE-p5 i386
System: FreeBSD leaf.mobile.tateoka.org 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #1: Fri May 25 02:16:41 JST 2007 tate at leaf.mobile.tateoka.org:/usr/src/sys/i386/compile/GENERIC i386

	xorg 7.2 upgraded.

	XDMCP login from remote host crashs xdm.

	Xdm is crashed because pam_get_item() in 
	pam_sm_close_session() makes variable "tty" as NULL.
	Following patch makes it clear:

*** /usr/src/lib/libpam/modules/pam_lastlog/pam_lastlog.c.orig	Fri May 25 15:59:00 2007
--- /usr/src/lib/libpam/modules/pam_lastlog/pam_lastlog.c	Fri May 25 16:14:18 2007
*** 173,178 ****
--- 173,183 ----
          const void *tty;
          pam_get_item(pamh, PAM_TTY, (const void **)&tty);
+ 	if (tty == NULL){
+ 		syslog(LOG_ERR, "tty is NULL");
+ 		return(PAM_SYSTEM_ERR);
+ 	}
  	if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
  		tty = (const char *)tty + strlen(_PATH_DEV);
  	if (*(const char *)tty == '\0')

	With this patch, xdm logged to /var/log/messages following lines:

May 25 16:29:53 leaf xdm: tty is NULL
May 25 16:29:53 leaf xdm: in _openpam_check_error_code(): pam_sm_close_session()
: unexpected return value 4

	- add LISTEN and remote host IP address to Xaccess file on target host.
	- comment out DisplayManager.requestPort in xdm-config file on target host.
	- start xdm on target host.
	- execute "X -query targethost" from remote host.
	xdm window appears on remote host, but it cause SEGV if login.

	/var/log/messages on target host says like that:
	May 25 16:05:35 leaf kernel: pid 88443 (xdm), uid 0: exited on signal 11 (core d umped)



More information about the freebsd-ports-bugs mailing list