Bug#330097: marked as done (libpam0g: could handle garbage input more gracefully)

[Debian Bug Tracking System]

Your message dated Mon, 26 Sep 2005 20:47:07 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#330097: fixed in pam 0.79-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Sep 2005 22:36:05 +0000
>From [EMAIL PROTECTED] Sun Sep 25 15:36:05 2005
Return-path: <[EMAIL PROTECTED]>
Received: from smtpsrv1.isis.unc.edu (smtp.unc.edu) [152.2.1.140] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EJf6L-0008RX-00; Sun, 25 Sep 2005 15:36:05 -0700
Received: from laplace.or.unc.edu (laplace.or.unc.edu [152.2.30.59])
        by smtp.unc.edu (8.13.4/8.13.4) with ESMTP id j8PMZTrB015153
        (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT);
        Sun, 25 Sep 2005 18:35:29 -0400 (EDT)
Received: from user-0ce2kof.cable.mindspring.com ([24.225.83.15] 
helo=Chrestomanci)
        by laplace.or.unc.edu with esmtp (Exim 4.50)
        id 1EJf5m-0008B8-3r; Sun, 25 Sep 2005 18:35:30 -0400
Received: from faheem by Chrestomanci with local (Exim 4.50)
        id 1EJf5l-00080R-D2; Sun, 25 Sep 2005 18:35:29 -0400
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Faheem Mitha <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: libpam0g: could handle garbage input more gracefully
X-Mailer: reportbug 3.15
Date: Sun, 25 Sep 2005 18:35:29 -0400
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: libpam0g
Version: 0.76-22
Severity: wishlist


Hi,

If one adds a 

~

as the final line of /etc/pam.d/common-password (default settings for
Sarge), then both su and passwd and probably other utilities using PAM
segfault. I get

gdb /bin/su
GNU gdb 6.3-debian
[...]
(gdb) run
Starting program: /bin/su 
(no debugging symbols found)
[...]

Program received signal SIGSEGV, Segmentation fault.
0x4005e19c in _pam_strCMP () from /lib/libpam.so.0

I'm not sure where is bug report belongs, but since /lib/libpam.so.0 is in
libpam0g, that is what I am filing it against.

                                                        Sincerely, Faheem.

-- System Information:
Debian Release: 3.1
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'stable'), (50, 'unstable'), (50, 
'testing'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27.040914
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libpam0g depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libpam-runtime              0.76-22      Runtime support for the PAM librar

libpam0g recommends no packages.

-- no debconf information

---------------------------------------
Received: (at 330097-close) by bugs.debian.org; 27 Sep 2005 03:48:43 +0000
>From [EMAIL PROTECTED] Mon Sep 26 20:48:43 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1EK6Qt-0002hm-00; Mon, 26 Sep 2005 20:47:07 -0700
From: Steve Langasek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#330097: fixed in pam 0.79-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 26 Sep 2005 20:47:07 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 9

Source: pam
Source-Version: 0.79-1

We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive:

libpam-cracklib_0.79-1_i386.deb
  to pool/main/p/pam/libpam-cracklib_0.79-1_i386.deb
libpam-doc_0.79-1_all.deb
  to pool/main/p/pam/libpam-doc_0.79-1_all.deb
libpam-modules_0.79-1_i386.deb
  to pool/main/p/pam/libpam-modules_0.79-1_i386.deb
libpam-runtime_0.79-1_all.deb
  to pool/main/p/pam/libpam-runtime_0.79-1_all.deb
libpam0g-dev_0.79-1_i386.deb
  to pool/main/p/pam/libpam0g-dev_0.79-1_i386.deb
libpam0g_0.79-1_i386.deb
  to pool/main/p/pam/libpam0g_0.79-1_i386.deb
pam_0.79-1.diff.gz
  to pool/main/p/pam/pam_0.79-1.diff.gz
pam_0.79-1.dsc
  to pool/main/p/pam/pam_0.79-1.dsc
pam_0.79.orig.tar.gz
  to pool/main/p/pam/pam_0.79.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <[EMAIL PROTECTED]> (supplier of updated pam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 25 Sep 2005 22:08:20 -0700
Source: pam
Binary: libpam0g-dev libpam0g libpam-modules libpam-doc libpam-runtime 
libpam-cracklib
Architecture: source i386 all
Version: 0.79-1
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman <[EMAIL PROTECTED]>
Changed-By: Steve Langasek <[EMAIL PROTECTED]>
Description: 
 libpam-cracklib - PAM module to enable cracklib support.
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 248310 249499 284954 295296 300775 319026 323982 327876 330097
Changes: 
 pam (0.79-1) unstable; urgency=low
 .
   * New upstream version (closes: #284954, #300775).
     - includes some fixes for typos (closes: #319026).
     - pam_unix should now be LSB 3.0-compliant (closes: #323982).
     - fixes segfaults in libpam on config file syntax errors
       (closes: #330097).
   * Drop patches 000_bootstrap, 004_libpam_makefile_static_works,
     011_pam_access, 013_pam_filter_termio_to_termios, 017_misc_fixes,
     025_pam_group_conffile_name, 028_pam_mail_delete_only_when_set,
     033_use_gcc_not_ld, 034_pam_dispatch_ignore_PAM_IGNORE,
     035_pam_unix_security, 039_pam_mkhomedir_no_maxpathlen_required,
     041_call_bootstrap, 042_pam_mkhomedir_dest_not_source_for_errors,
     051_32_bit_pam_lastlog_ll_time, and
     053_pam_unix_user_known_returns_user_unknown which have been
     integrated upstream.
   * Merge one last bit of patch 053 into patch 043, where it should have
     been in the first place
   * Patch 057: SELinux support:
     - add support to pam_unix for copying SELinux security contexts when
       writing out new passwd/shadow files and creating lockfiles
     - support calling unix_chkpwd if opening /etc/shadow fails due to
       SELinux permissions
     - allow unix_chkpwd to authenticate for any user when in an SELinux
       context (hurray!); we depend on SELinux policies to prevent the
       helper's use as a brute force tool
     - also support querying user expiration info via unix_chkpwd
     - misc cleanup: clean up file descriptors when invoking unix_chkpwd
       (closes: #248310)
     - make pam_rootok check the SELinux passwd class permissions, not just
       the uid
     - add new pam_selinux module (closes: #249499)
   * Build-depend on libselinux1-dev.
   * Fix pam_getenv, so that it can read the actual format of /etc/environment
     instead of trying to read it using the syntax of
     /etc/security/pam_env.conf; thanks to Colin Watson for the patch.
     Closes: #327876.
   * Set LC_COLLATE=C when using alphabetic range expressions in
     debian/rules; bah, so *that's* what kept happening to my README file
     when trying to build out of svn!  Closes: #295296.
   * Add a reference to the text of the GPL to debian/copyright.
Files: 
 b538a52de86f4ec392e47e916de5da26 935 base optional pam_0.79-1.dsc
 e33cc6e6fd86b01d0a44ec3232a2fb74 491964 base optional pam_0.79.orig.tar.gz
 76b7ed9a2ce75c3b98a5c08d07d53e95 127029 base optional pam_0.79-1.diff.gz
 712ee3ba2994dcde53cfc1a1d902822c 62900 base required 
libpam-runtime_0.79-1_all.deb
 9f6225763560fba7b5160a71077a6389 674712 doc optional libpam-doc_0.79-1_all.deb
 97b75dfca8ecaf2643107673df7bee46 77758 base required libpam0g_0.79-1_i386.deb
 f8d043742dacff0b1da3fdc45e7d83cb 181676 base required 
libpam-modules_0.79-1_i386.deb
 ecbf56a7bb3930a2eff53573595d1558 115480 libdevel optional 
libpam0g-dev_0.79-1_i386.deb
 0aa8356c9bbd004a0294e9a3f6cb0f38 57820 libs optional 
libpam-cracklib_0.79-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDOIxvKN6ufymYLloRAk5PAJ4pIunm/TewJai4u7AJxIdWyQFGtgCeMTdc
1Ewv31KV3kxWGlHBPzSxX+g=
=QPW8
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]