While calling pam_start and using some invalid paths in the configuration file included using include/substack, a pointer of a high value address is dereferenced.
$ gcc main.c -o main -lpam -lpam_misc
$ ./main
AddressSanitizer:DEADLYSIGNAL
=================================================================
==161965==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x00000031627f bp 0x7ffe219961f0 sp 0x7ffe21996100 T0)
==161965==The signal is caused by a READ memory access.
==161965==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
#0 0x31627f in _pam_add_handler /tmp/Linux-PAM/libpam/pam_handlers.c:888:12
#1 0x313dbc in _pam_parse_conf_file /tmp/Linux-PAM/libpam/pam_handlers.c:264:12
#2 0x30e712 in _pam_init_handlers /tmp/Linux-PAM/libpam/pam_handlers.c:462:12
#3 0x3075dd in pam_start /tmp/Linux-PAM/libpam/pam_start.c:124:10
#4 0x3075dd in main /tmp/Linux-PAM/main.c:12:12
#5 0x7f212c7b90b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#6 0x254bed in _start (/tmp/Linux-PAM/main+0x25864d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/Linux-PAM/libpam/pam_handlers.c:888:12 in _pam_add_handler
==161965==ABORTING
Re-entering _pam_add_handler without initialization of the next member of
the list leads to SEGV caused by a dereference of a high value address.
Resolves: linux-pam#475
Steps to reproduce
/etc/pam.d/crash_conf
One of the following lines:
/etc/pam.d/crash_include
One of the following lines:
main.c
ASAN output
Analysis
Here we are returning from _pam_add_handler with PAM_ABORT, without initializing next with NULL
linux-pam/libpam/pam_handlers.c
Lines 905 to 908 in 31645f4
And then, we are re-entering _pam_add_handler and having a crash on line 888
linux-pam/libpam/pam_handlers.c
Lines 888 to 890 in 31645f4
Reproducing
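The re-entry failure described in the Analysis, as an added example that is not part of the original issue and is not Linux-PAM code. It is a simplified C model in which a node is linked into the list before its next member is set, so an early error return leaves a garbage pointer for the following call to walk into. The names add_handler, is_stale and second_call_result, the empty-string rule for an "invalid path", the sample module path and the 0xAA fill standing in for stale heap contents are all assumptions made for the illustration.

```c
/* Simplified model of the failure mode; not Linux-PAM source code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { ADD_OK = 0, ADD_ABORT = -1, ADD_WOULD_SEGV = -2 };
struct handler { const char *mod_path; struct handler *next; };

/* True if *slot holds the 0xAA fill, a constructed stand-in for stale heap data. */
static int is_stale(struct handler *const *slot)
{
    struct handler *fill;
    memset(&fill, 0xAA, sizeof fill);
    return memcmp(slot, &fill, sizeof fill) == 0;
}

/* init_early=0 models the reported bug; init_early=1 sets next before any return. */
static int add_handler(struct handler **head, const char *mod_path, int init_early)
{
    struct handler **slot = head;
    while (*slot != NULL) {            /* walk to the tail of the list */
        if (is_stale(slot)) return ADD_WOULD_SEGV; /* a real walk dereferences it */
        slot = &(*slot)->next;
    }
    struct handler *h = malloc(sizeof *h);
    if (h == NULL) return ADD_ABORT;
    memset(h, 0xAA, sizeof *h);        /* deterministic "uninitialized" memory */
    *slot = h;                         /* node is linked before it is filled in */
    if (init_early) { h->mod_path = NULL; h->next = NULL; }
    if (mod_path[0] == '\0') return ADD_ABORT; /* assumed invalid path; bug: next is garbage */
    h->mod_path = mod_path;
    h->next = NULL;
    return ADD_OK;
}

/* One invalid entry, then a valid one: returns what the second call sees. */
static int second_call_result(int init_early)
{
    struct handler *head = NULL;
    (void)add_handler(&head, "", init_early);
    int second = add_handler(&head, "/constructed/pam_example.so", init_early);
    while (head != NULL && !is_stale(&head)) {   /* free what is reachable */
        struct handler *n = head; head = n->next; free(n);
    }
    return second;
}

int main(void)
{
    printf("late init: %d, early init: %d\n", second_call_result(0), second_call_result(1));
}
```

Allocating with calloc, or unlinking and freeing the node on every error path, closes the same gap; the model only shows why the list must be terminated before the first early return.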