[Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Mar 5 08:04:57 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=808
Summary: segfault if not using pam/keyboard-interactive mech and
password's expired
Product: Portable OpenSSH
Version: 3.8p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: buckh at pobox.com
if you don't authenticate via pam/keyboard-interactive, then when
do_pam_account figures out your password is expired and calls
pam_password_change_required, the latter will probably segfault when it
dereferences the uninitialized int *force_pwchange. this is b/c, if you
don't authenticate using the PRIVSEP(sshpam_device), sshpam_init_ctx is
never called, so force_pwchange isn't properly initialized
i'll attach a workaround patch, but not without serious misgivings about
how crappy it is, so it won't hurt my feelings if you come up with a much
better fix
all in all, though, 3.8p1 does password-changing and chauthtok-ing
much better than it's predecessor, so thanks again for the great work
--buck
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list