Package: libpam-mysql
Version: 0.5.0-6
Severity: normal
Tags: patch

When the password column contains NULL (not ""), this module dies due to a null pointer access. That's not too pretty. IMO, db_checkpasswd should return PAM_AUTH_ERR instead. (Actually, if I understand things correctly, it should return PAM_SUCCESS unless PAM_DISALLOW_NULL_AUTHTOK is set, but the code doesn't care about that at all (neither does pam_unix(!?))). Alternatively, one can let db_checkpasswd return PAM_SUCCESS, and set where=passwd IS NOT NULL in the configuration if a NULL password is to mean "no access".

Simple patch: --- pam_mysql.c.orig 2005-03-03 05:38:20.000000000 +0100 +++ pam_mysql.c 2005-03-03 05:50:31.000000000 +0100 @@ -464,6 +464,11 @@ mysql_free_result(result); return PAM_AUTH_ERR; } + if (row[0] == NULL) { + DEBUG_syslog("returning %i .", PAM_AUTH_ERR); + mysql_free_result(result); + return PAM_AUTH_ERR; + } /* I really wish someone would explain how this was decided upon. */ encryptedPass = malloc(sizeof(char) * (strlen(passwd) + 31 + 1));

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (600, 'testing'), (100, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-fryken-2
Locale: LANG=sv_SE, LC_CTYPE=sv_SE (charmap=ISO-8859-1)

Versions of packages libpam-mysql depends on:
ii  libc6             2.3.2.ds1-20  GNU C Library: Shared libraries an
ii  libmysqlclient10  3.23.56-2     LGPL-licensed client library for M
ii  libpam0g          0.76-22       Pluggable Authentication Modules l
ii  zlib1g            1:1.2.2-3     compression library - runtime

-- no debconf information
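
Review bot: in the added "if (row[0] == NULL)" branch, the DEBUG_syslog text "returning %i ." does not say why authentication is refused, so the debug log gives no hint that the password column was NULL; name that condition in the message. Failing closed with PAM_AUTH_ERR and freeing the result before returning matches the error path just above it in the hunk. Since the branch returns PAM_AUTH_ERR unconditionally and does not consult PAM_DISALLOW_NULL_AUTHTOK, a one-line comment above the "if" stating that a NULL password is always treated as a denial would record that this is a deliberate choice.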