Your message dated Thu, 04 Apr 2013 17:47:55 +0000 with message-id <[email protected]> and subject line Bug#657524: fixed in yubico-pam 2.13-1 has caused the Debian Bug report #657524, regarding libpam-yubico: segfaults on the failed second challenge-responses to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
657524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657524
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---
Package: libpam-yubico
Version: 2.10-1
Severity: important
Tags: upstream patch

I use a Yubikey 2.2.4 with libpam-yubico for challenge-response authentication. The authentication requires two phases of challenges-responses. I set the Yubikey to wait for key press before answering the challenges.

Sometimes when I press the key too long at the first phase, it segfaults like this instead of a simple failure:

*** glibc detected *** sudo: double free or corruption (out): 0x000000000138efc0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x72656)[0x7fc05233f656]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7fc05234438c]
/lib/x86_64-linux-gnu/libc.so.6(fclose+0x14d)[0x7fc0523305ad]
/lib/security/pam_yubico.so(pam_sm_authenticate+0xb1e)[0x7fc050fdfb0e]
/lib/x86_64-linux-gnu/libpam.so.0(+0x31f5)[0x7fc0511e71f5]
/lib/x86_64-linux-gnu/libpam.so.0(pam_authenticate+0x38)[0x7fc0511e6a78]
/usr/lib/sudo/sudoers.so(+0x6442)[0x7fc0513f8442]
/usr/lib/sudo/sudoers.so(+0x5d34)[0x7fc0513f7d34]
...

The following working patch clearly shows the problem.

diff -ru5p yubico-pam-2.10.orig/pam_yubico.c yubico-pam-2.10/pam_yubico.c --- yubico-pam-2.10.orig/pam_yubico.c 2011-12-13 23:54:55.000000000 +0800 +++ yubico-pam-2.10/pam_yubico.c 2012-01-27 01:36:41.139640251 +0800
@@ -524,10 +524,11 @@ do_challenge_response(pam_handle_t *pamh if (fclose(f) < 0) { f = NULL; goto out; } + f = NULL; if (restore_privileges(pamh) < 0) { DBG (("could not restore privileges")); goto out; } ... out: ... if (f) fclose(f);

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-yubico depends on:
ii  debconf [debconf-2.0]  1.5.41
ii  libc6                  2.13-24
ii  libldap-2.4-2          2.4.28-1.1
ii  libpam-runtime         1.1.3-6
ii  libpam0g               1.1.3-6
ii  libykclient3           2.6-1
ii  libykpers-1-1          1.6.3-1
ii  libyubikey0            1.7-1

libpam-yubico recommends no packages.

libpam-yubico suggests no packages.

-- debconf information excluded
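
Review bot: In the fclose() error branch and on the added line right after it, `f = NULL` is now written once per outcome, which is easy to let drift apart again on a later edit. The stream is unusable after fclose() whether the call succeeds or fails, so capture the return value, clear the pointer once, and only then test the result, for example `int rc = fclose(f); f = NULL; if (rc < 0) goto out;`. A one-line comment on the assignment saying that it keeps the `if (f) fclose(f);` at `out:` from closing the stream a second time when restore_privileges() fails would also document why the line is there.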
--- End Message ---
--- Begin Message ---
Source: yubico-pam
Source-Version: 2.13-1

We believe that the bug you reported is fixed in the latest version of yubico-pam, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Josefsson <[email protected]> (supplier of updated yubico-pam package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Thu, 04 Apr 2013 19:18:22 +0200
Source: yubico-pam
Binary: libpam-yubico
Architecture: source amd64
Version: 2.13-1
Distribution: unstable
Urgency: low
Maintainer: Yubico Open Source Maintainers <[email protected]>
Changed-By: Simon Josefsson <[email protected]>
Description:
 libpam-yubico - two-factor password and YubiKey OTP PAM module
Closes: 657450 657524 693341
Changes:
 yubico-pam (2.13-1) unstable; urgency=low
 .
   * New upstream release. Closes: #657524.
   * Bump to Debian Policy version 3.9.4.
   * Remove obsolete 'DM-Upload-Allowed'.
   * Simplify watch file.
   * Drop Fredrik as uploader, add Klas and Dain.
   * Add Italian translation. Closes: #657450.
   * Add Japanese translation. Closes: #693341.
--- End Message ---

