[Bug 263893] pam_exec.so in auth stack with expose_authtok option makes su segfault
Date: Wed, 25 May 2022 00:53:52 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893
Kubilay Kocak <koobs@FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |mfc-stable13?,
| |mfc-stable12?
Keywords| |crash
URL| |https://reviews.freebsd.org
| |/D35169
Assignee|bugs@FreeBSD.org |khng@freebsd.org
Status|New |In Progress
--- Comment #3 from Kubilay Kocak <koobs@FreeBSD.org> ---
The branch main has been updated by khng:
URL:
https://cgit.FreeBSD.org/src/commit/?id=b75e0eed345d2ab047a6b1b00a9a7c3bf92e992c
commit b75e0eed345d2ab047a6b1b00a9a7c3bf92e992c
Author: Yan Ka Chiu <nyan@myuji.xyz>
AuthorDate: 2022-05-22 16:33:02 +0000
Commit: Ka Ho Ng <khng@FreeBSD.org>
CommitDate: 2022-05-22 16:36:48 +0000
pam_exec: fix segfault when authtok is null
According to pam_exec(8), the `expose_authtok` option should be ignored
when the service function is `pam_sm_setcred`. Currently `pam_exec` only
prevent prompt for anth token when `expose_authtok` is set on
`pam_sm_setcred`. This subsequently led to segfault when there isn't an
existing auth token available.
Bug reported on this:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893
After reading https://reviews.freebsd.org/rS349556 I am not sure if the
default behaviour supposed to be simply not prompt for authentication
token, or is it to ignore the option entirely as stated in the man page.
This patch is therefore only adding an additional NULL check on the item
`pam_get_item` provide, and exit with `PAM_SYSTEM_ERR` when such item is
NULL.
MFC after: 1 week
Reviewed by: des, khng
Differential Revision: https://reviews.freebsd.org/D35169
--
You are receiving this mail because:
You are the assignee for the bug.