bin/59776: ftpd(8)/FreeBSD 5: PAM "session" code is unreachable

Nick Leuta skynick at mail.sc.ru
Fri Nov 28 15:30:36 PST 2003 

>Number:         59776
>Category:       bin
>Synopsis:       ftpd(8)/FreeBSD 5: PAM "session" code is unreachable
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 28 15:30:23 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Nick Leuta
>Release:        FreeBSD 4.9-RC i386
>Organization:
Lipetsk State Technical University
>Environment:
System: FreeBSD skynick.stu.lipetsk.ru 4.9-RC FreeBSD 4.9-RC #0: Sun Nov 23 19:53:55 MSK 2003 root at skynick.stu.lipetsk.ru:/usr/src/sys/compile/CORSAIR i386
>Description:
The global "pam_handle_t *pamh" variable is redeclared in the auth_pam()
function, so the global "*pamh" will always be NULL and so the
pam_open_session() call will always be unreachable.
>How-To-Repeat:
Put the pam_deny.so module into the "session" group as a required module and
see the logs...
>Fix:

diff -urN ftpd.ORI/ftpd.c ftpd/ftpd.c
--- ftpd.ORI/ftpd.c	Sat Nov 15 14:08:26 2003
+++ ftpd/ftpd.c	Wed Nov 26 01:49:26 2003
@@ -1162,13 +1162,15 @@
 		       LOGIN_SETMAC);
 #endif
 #ifdef USE_PAM
-	if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
-		syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, e));
-	if ((e = pam_close_session(pamh,0)) != PAM_SUCCESS)
-		syslog(LOG_ERR, "pam_close_session: %s", pam_strerror(pamh, e));
-	if ((e = pam_end(pamh, e)) != PAM_SUCCESS)
-		syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
-	pamh = NULL;
+	if (pamh) {
+		if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS)
+			syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, e));
+		if ((e = pam_close_session(pamh,0)) != PAM_SUCCESS)
+			syslog(LOG_ERR, "pam_close_session: %s", pam_strerror(pamh, e));
+		if ((e = pam_end(pamh, e)) != PAM_SUCCESS)
+			syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
+		pamh = NULL;
+	}
 #endif
 	logged_in = 0;
 	guest = 0;
@@ -1238,7 +1240,6 @@
 static int
 auth_pam(struct passwd **ppw, const char *pass)
 {
-	pam_handle_t *pamh = NULL;
 	const char *tmpl_user;
 	const void *item;
 	int rval;
@@ -1249,6 +1250,7 @@
 	e = pam_start("ftpd", (*ppw)->pw_name, &conv, &pamh);
 	if (e != PAM_SUCCESS) {
 		syslog(LOG_ERR, "pam_start: %s", pam_strerror(pamh, e));
+		/* pamh is NULL */
 		return -1;
 	}
 
@@ -1256,6 +1258,10 @@
 	if (e != PAM_SUCCESS) {
 		syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s",
 			pam_strerror(pamh, e));
+		if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
+			syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
+		}
+		pamh = NULL;
 		return -1;
 	}
 
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list