saslauthd -a shadow crashes with SEGV on system accounts.

[brong]

From: Arno Bakker
Bugzilla-Id: 3806
Version: 2.1.x
Owner: Alexey Melnikov

[brong]

From: Arno Bakker

Hi

https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1187001

lists a problem with saslauthd crashing when used with postfix. I can
reproduce the problem when I run saslauthd with authmech shadow:

saslauthd -a shadow

and then try to authenticate users that have a crippled /etc/shadow entry. By crippled I mean ! or * as password entry, as for root, mail, nobody.

When I run the 2.1.25 stock source with debugging symbols in gdb with "-a shadow -n 1 -d -m /var/run/saslauthd/mux" as param, I get:

Program received signal SIGSEGV, Segmentation fault.
0xb7e6e6f1 in ?? () from /lib/i386-linux-gnu/libc.so.6
(gdb) where
#0 0xb7e6e6f1 in ?? () from /lib/i386-linux-gnu/libc.so.6
#1 0xb7e6e326 in strdup () from /lib/i386-linux-gnu/libc.so.6
#2 0x0804b910 in auth_shadow (login=0xbffff098 "root",
password=0xbffff199 "dfsdf", service=0xbffff29a "ldap",
realm=0xbffff39b "") at auth_shadow.c:188
#3 0x0804ed3f in do_auth (_login=_login@entry=0xbffff098 "root",
password=password@entry=0xbffff199 "dfsdf",
service=service@entry=0xbffff29a "ldap", realm=realm@entry=0xbffff39b "")
at saslauthd-main.c:410
#4 0x0804dd17 in do_request (conn_fd=conn_fd@entry=9) at ipc_unix.c:426
#5 0x0804e547 in ipc_loop () at ipc_unix.c:277
#6 0x080499c1 in main (argc=8, argv=0xbffff5e4) at saslauthd-main.c:369

Offending line is:

  cpw = strdup((const char *)crypt(password, sp->sp_pwdp));

where crypt() returns NULL for the crippled shadow entries. Proposed patch:

char *encpwd = crypt(password, sp->sp_pwdp);
if (encpwd == NULL) {
    if (flags & VERBOSE) {
        syslog(LOG_DEBUG, "DEBUG: auth_shadow: crypt returned NULL");
    }
    RETURN("NO");
}
cpw = strdup((const char *)encpwd);

[brong]

From: mancha

*** This bug has been marked as a duplicate of bug 3803 ***