You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Compiling the latest yubico-pam code from git (2.13-23-g96cf010) works, but if
gcc had option '-fstack-protector' programs crash when authenticating CR:
Increasing char buf[] to 125 in do_challenge_response() "fixes" the problem, though this is just undefined behaviour I think. I used memset() to clear buf with null bytes, looks like nothing is written to addresses beyond 0x19 (or similar, but far away from 0x7D).
This is an Arch Linux x86_64 system with these package versions:
linux 3.11.1-1
pam 1.1.6-4
gcc-multilib 4.8.1-3
glibc 2.18-4
The text was updated successfully, but these errors were encountered:
Remember I said it works with char buf[125]? Well, sizeof(state) is 124, so I bet it is related to that...
Still thinking about the real problem, though.
eworm-de
added a commit
to eworm-de/yubico-pam
that referenced
this issue
Sep 19, 2013
Compiling the latest yubico-pam code from git (2.13-23-g96cf010) works, but if
gcc had option '-fstack-protector' programs crash when authenticating CR:
*** stack smashing detected ***: su terminated
======= Backtrace: =========
/usr/lib/libc.so.6(+0x72ecf)[0x7fa27df6eecf]
/usr/lib/libc.so.6(__fortify_fail+0x37)[0x7fa27dff1c37]
/usr/lib/libc.so.6(__fortify_fail+0x0)[0x7fa27dff1c00]
/usr/lib/security/pam_yubico.so(pam_sm_authenticate+0x10fd)[0x7fa27cb2aecd]
/usr/lib/libpam.so.0(+0x2e8f)[0x7fa27e4ade8f]
/usr/lib/libpam.so.0(pam_authenticate+0x30)[0x7fa27e4ad6e0]
su[0x403563]
/usr/lib/libc.so.6(__libc_start_main+0xf5)[0x7fa27df1dbc5]
su[0x4023a1]
Increasing char buf[] to 125 in do_challenge_response() "fixes" the problem, though this is just undefined behaviour I think. I used memset() to clear buf with null bytes, looks like nothing is written to addresses beyond 0x19 (or similar, but far away from 0x7D).
This is an Arch Linux x86_64 system with these package versions:
linux 3.11.1-1
pam 1.1.6-4
gcc-multilib 4.8.1-3
glibc 2.18-4
The text was updated successfully, but these errors were encountered: