[Bug 2539] New: Add missing sanity check for read_passphrase() in auth-pam.c

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Feb 14 08:29:10 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2539

            Bug ID: 2539
           Summary: Add missing sanity check for read_passphrase() in
                    auth-pam.c
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: PAM support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: wp02855 at gmail.com

Created attachment 2784
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2784&action=edit
Patch file for this bug report

Hello All,

        In reviewing code in OpenSSH-7.1p2, it would appear in file
'auth-pam.c', function 'sshpam_tty_conv()', there is a call to
read_passphrase() which is not checked for a return value of NULL,
indicating failure.  The patch file below should address/correct this
issue:

--- auth-pam.c.orig     2016-02-13 09:44:14.656582235 -0800
+++ auth-pam.c  2016-02-13 09:46:14.583824370 -0800
@@ -982,6 +982,8 @@
                        reply[i].resp =
                            read_passphrase(PAM_MSG_MEMBER(msg, i,
msg),
                            RP_ALLOW_STDIN);
+                       if (reply[i].resp == NULL)
+                               goto fail;
                        reply[i].resp_retcode = PAM_SUCCESS;
                        break;
                case PAM_PROMPT_ECHO_ON:
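
Review bot: The new `goto fail;` after the read_passphrase() call jumps to a label that is not visible in this hunk, so the cleanup on that path needs to be confirmed before this goes in. At that point reply[0..i-1].resp may already hold passphrases read for earlier messages; the fail path should free each of those (ideally clearing them first, since they hold secrets) and return a PAM conversation error rather than leaving reply[i].resp_retcode unset on a partially filled array. It is also worth stating in the report under which conditions read_passphrase() returns NULL when called with only RP_ALLOW_STDIN, so the check is documented as reachable and not dead code. If it is reachable here, the PAM_PROMPT_ECHO_ON case that follows should be checked for the same gap.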

=======================================================================

I am attaching the patch file to this bug report...

Bill Parker (wp02855 at gmail dot com)
