** Description changed:

+ [Impact]
+ Memory leaks in adsys pam modules.
+ 
+ [Test Plan]
+ 1. Install SRU version of adsys
+ 2. Login as an user
+ 3. Ensure that you can still login successfully.
+ 
+ [Where problems could occur]
+ Login can be disabled due to the PAM module crashing. There is only one code 
path leading to that, so easy to detect.
+ 
+ --------------
+ 
  These may not be security issues but it's possible I overlooked
  something; since they live in a security boundary I thought it worth
  reporting with a bit of hassle. If you'd rather work on this in the
  open, feel free to open this.
  
  pam_adsys.c update_policy() arggv leak in fork() failure
  pam_adsys.c update_machine_policy() arggv leak in fork() failure
  pam_adsys.c update_machine_policy() -- status != 0 looks like it ought to
  work but I don't think that's how that API is supposed to be used
  pam_adsys.c pam_sm_open_session() -- gethostname() indentation is funny
  
  Thanks
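
Review bot: the added [Test Plan] (steps 1-3) only confirms that a login still succeeds, so it never exercises the fork() failure path where the two arggv leaks in update_policy() and update_machine_policy() are reported; a successful login looks the same with or without the fix. Consider adding a step that verifies the failure path, for example by running the module under a memory checker. The [Where problems could occur] section should also name the "only one code path" it refers to, so a tester knows what a crash there would look like.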

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/1961459

Title:
  adsys pam issues

Status in adsys package in Ubuntu:
  Fix Released
Status in adsys source package in Focal:
  New

Bug description:
  [Impact]
  Memory leaks in adsys pam modules.

  [Test Plan]
  1. Install SRU version of adsys
  2. Log in as a user
  3. Ensure that you can still log in successfully.

  [Where problems could occur]
  Login can be disabled due to the PAM module crashing. There is only one code
  path leading to that, so easy to detect.

  --------------

  These may not be security issues but it's possible I overlooked
  something; since they live in a security boundary I thought it worth
  reporting with a bit of hassle. If you'd rather work on this in the
  open, feel free to open this.

  pam_adsys.c update_policy() arggv leak in fork() failure
  pam_adsys.c update_machine_policy() arggv leak in fork() failure
  pam_adsys.c update_machine_policy() -- status != 0 looks like it ought to
  work but I don't think that's how that API is supposed to be used
  pam_adsys.c pam_sm_open_session() -- gethostname() indentation is funny

  Thanks
