bin/103873: login(1) SEGFAULT on unsuccessful login

Christian S.J. Peron csjp at sqrt.ca
Sun Oct 1 11:41:37 PDT 2006


Thanks for bringing this to my attention!

Revision 1.101 is not quite correct. Although I agree that
unconditionally dereferencing the pwd pointer is problematic, not
submitting any audit record at all could also be considered a big
problem. If the audit record cannot be attributed to a user, we
should be marking it as a non-attributable event by setting the audit ID
to AU_DEFAUDITID, and setting the other uid/gid et al to -1. For
example, in the OpenSSH code we do this when we can't attribute the event
to any specific user:

header,99,10,OpenSSH login,0,Sun Oct  1 12:52:58 2006, + 92 msec
subject,-1,-1,-1,-1,-1,3277,3277,52157,10.0.0.1
text,invalid user name "sdfgsdf"
return,failure : No such process,4294967295
trailer,99

I will get this fixed up in HEAD and get it MFCed as soon as possible.

Ruslan Ermilov wrote:
> Synopsis: login(1) SEGFAULT on unsuccessful login
>
> Responsible-Changed-From-To: freebsd-bugs->csjp
> Responsible-Changed-By: ru
> Responsible-Changed-When: Sun Oct 1 17:29:34 UTC 2006
> Responsible-Changed-Why: 
> Christian did the MFC so he eats all the bugs now.  :-)
>
> The fix proposed in the PR should be replaced by simply MFCing
> rev. 1.101 to login.c:
>
> : date: 2006/03/28 15:30:42;  author: cognet;  state: Exp;  lines: +5 -2
> : Don't call audit_logout() if pwd is NULL, as audit_logout() attempts to
> : dereference it.
> : This will happen if we ^D at the Login: prompt without having provided a
> : valid login before.
> : Set pwd to NULL on bad login attempts to prevent audit_logout() from being
> : called for a user which didn't actually log on.
> : 
> : Reported by:    Jerome Magnin jethro at docisland dot org
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=103873
>
>
>   

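The handling described in the message above, as an added example that is not part of the original thread and is not the FreeBSD login(1) code: a NULL pwd still yields audit subject fields, marked non-attributable, instead of a dereference or a skipped record. The struct and function names are hypothetical, and AU_DEFAUDITID is defined locally as an assumption so the block builds without libbsm.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Assumption: defined here so this builds without <bsm/audit.h>. */
#ifndef AU_DEFAUDITID
#define AU_DEFAUDITID ((uid_t)-1)
#endif

/* Hypothetical holder for the subject fields of one audit record. */
struct audit_subject {
    uid_t auid, euid, ruid;
    gid_t egid, rgid;
    pid_t pid;
};

/* Returns 1 if attributable, 0 if not; pwd may be NULL (^D, unknown user). */
int fill_subject(const struct passwd *pwd, pid_t pid, struct audit_subject *s)
{
    memset(s, 0, sizeof(*s));
    s->pid = pid;
    if (pwd == NULL) {
        /* Non-attributable: still produce a record, never dereference pwd. */
        s->auid = AU_DEFAUDITID;
        s->euid = s->ruid = (uid_t)-1;
        s->egid = s->rgid = (gid_t)-1;
        return 0;
    }
    s->auid = s->euid = s->ruid = pwd->pw_uid;
    s->egid = s->rgid = pwd->pw_gid;
    return 1;
}

/* Render auid,euid,egid,ruid,rgid,pid as a comma-separated subject line. */
int format_subject(const struct audit_subject *s, char *buf, size_t len)
{
    return snprintf(buf, len, "subject,%d,%d,%d,%d,%d,%d", (int)s->auid,
        (int)s->euid, (int)s->egid, (int)s->ruid, (int)s->rgid, (int)s->pid);
}

int main(void)
{
    struct audit_subject s;
    char buf[96];
    fill_subject(NULL, 3277, &s); /* constructed: login failed, no passwd entry */
    format_subject(&s, buf, sizeof(buf));
    return puts(buf) == EOF;
}
```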

