Package: libpam-mysql
Version: 0.5.0-6
Severity: normal
Tags: patch

When the password column contains NULL (not ""), this module dies due to a
null pointer access. That's not too pretty. IMO, db_checkpasswd should return
PAM_AUTH_ERR instead.
(Actually, if I understand things correctly, it should return PAM_SUCCESS
unless PAM_DISALLOW_NULL_AUTHTOK is set, but the code doesn't care about that
at all (neither does pam_unix(!?))). Alternatively, one can let db_checkpasswd
return PAM_SUCCESS, and set where=passwd IS NOT NULL in the configuration if a
NULL password is to mean "no access".

Simple patch:

--- pam_mysql.c.orig    2005-03-03 05:38:20.000000000 +0100
+++ pam_mysql.c 2005-03-03 05:50:31.000000000 +0100
@@ -464,6 +464,11 @@
         mysql_free_result(result);
                return PAM_AUTH_ERR;
        }
+       if (row[0] == NULL) {
+               DEBUG_syslog("returning %i .", PAM_AUTH_ERR);
+               mysql_free_result(result);
+               return PAM_AUTH_ERR;
+       }

        /* I really wish someone would explain how this was decided upon. */
        encryptedPass = malloc(sizeof(char) * (strlen(passwd) + 31 + 1));
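
Review bot: The new `if (row[0] == NULL)` branch rejects every NULL password unconditionally and gives no reason in the log, so an administrator reading syslog cannot tell a NULL column from a wrong password. Failing closed with PAM_AUTH_ERR is the safer default for an authentication module, but the debug line `DEBUG_syslog("returning %i .", PAM_AUTH_ERR);` should say that the password column was NULL. A short comment above the check should also record that PAM_DISALLOW_NULL_AUTHTOK is deliberately not consulted here, since the report itself notes that the flag would normally decide this case. If empty-password logins are ever meant to be supported, this branch is where the flag test would go, rather than returning PAM_SUCCESS and relying on a `where=passwd IS NOT NULL` clause in the configuration.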


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (600, 'testing'), (100, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-fryken-2
Locale: LANG=sv_SE, LC_CTYPE=sv_SE (charmap=ISO-8859-1)

Versions of packages libpam-mysql depends on:
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libmysqlclient10            3.23.56-2    LGPL-licensed client library for M
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  zlib1g                      1:1.2.2-3    compression library - runtime

-- no debconf information

