From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 263893] pam_exec.so in auth stack with expose_authtok option makes su segfault
Date: Wed, 25 May 2022 00:53:52 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 13.1-RELEASE
X-Bugzilla-Keywords: crash
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: koobs@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution:
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: khng@freebsd.org
X-Bugzilla-Flags: mfc-stable13? mfc-stable12?
X-Bugzilla-Changed-Fields: flagtypes.name keywords bug_file_loc assigned_to bug_status
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |mfc-stable13?,
                   |                            |mfc-stable12?
           Keywords|                            |crash
                URL|                            |https://reviews.freebsd.org/D35169
           Assignee|bugs@FreeBSD.org            |khng@freebsd.org
             Status|New                         |In Progress

--- Comment #3 from Kubilay Kocak ---
The branch main has been updated by khng:

URL: https://cgit.FreeBSD.org/src/commit/?id=b75e0eed345d2ab047a6b1b00a9a7c3bf92e992c

commit b75e0eed345d2ab047a6b1b00a9a7c3bf92e992c
Author:     Yan Ka Chiu
AuthorDate: 2022-05-22 16:33:02 +0000
Commit:     Ka Ho Ng
CommitDate: 2022-05-22 16:36:48 +0000

    pam_exec: fix segfault when authtok is null

    According to pam_exec(8), the `expose_authtok` option should be ignored
    when the service function is `pam_sm_setcred`. Currently `pam_exec` only
    prevents the prompt for the auth token when `expose_authtok` is set on
    `pam_sm_setcred`. This subsequently led to a segfault when there isn't an
    existing auth token available.

    Bug reported on this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893

    After reading https://reviews.freebsd.org/rS349556 I am not sure if the
    default behaviour is supposed to be simply not prompting for the
    authentication token, or if it is to ignore the option entirely as stated
    in the man page. This patch therefore only adds an additional NULL check
    on the item `pam_get_item` provides, and exits with `PAM_SYSTEM_ERR` when
    such item is NULL.

    MFC after:      1 week
    Reviewed by:    des, khng
    Differential Revision: https://reviews.freebsd.org/D35169

-- 
You are receiving this mail because:
You are the assignee for the bug.
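
The failure mode the commit message describes, as an added C model that is not part of the original mail and is not pam_exec source: an item lookup returns success while the item pointer is still NULL, and the token is then measured with strlen() before being written to the helper's pipe. get_item(), the MODEL_* codes, expose_unchecked(), expose_checked() and demo() are hypothetical stand-ins for pam_get_item(), the PAM return codes and the module's token hand-off.

```c
/* Added model of the NULL-authtok failure; not pam_exec source. get_item()
 * and the MODEL_* codes are hypothetical stand-ins for the PAM API. */
#define _POSIX_C_SOURCE 200809L
#include <string.h>
#include <unistd.h>

enum { MODEL_SUCCESS = 0, MODEL_SYSTEM_ERR = 4 };

/* The lookup succeeds even when no token was stored (may yield NULL). */
static int get_item(const char *stored, const void **item)
{
    *item = stored;
    return MODEL_SUCCESS;
}

/* Before: trusts the return code alone; strlen(NULL) crashes the caller. */
int expose_unchecked(const char *stored, int fd)
{
    const void *item = NULL;
    if (get_item(stored, &item) != MODEL_SUCCESS)
        return MODEL_SYSTEM_ERR;
    size_t len = strlen(item) + 1;
    return write(fd, item, len) == (ssize_t)len ? MODEL_SUCCESS : MODEL_SYSTEM_ERR;
}

/* After: a NULL item is reported as an error before it is dereferenced. */
int expose_checked(const char *stored, int fd)
{
    const void *item = NULL;
    if (get_item(stored, &item) != MODEL_SUCCESS || item == NULL)
        return MODEL_SYSTEM_ERR;
    size_t len = strlen(item) + 1;   /* token plus terminating NUL */
    return write(fd, item, len) == (ssize_t)len ? MODEL_SUCCESS : MODEL_SYSTEM_ERR;
}

/* Sends the token through a pipe and copies what arrived into out. */
int demo(const char *stored, char *out, size_t n)
{
    int fds[2], rc;
    if (n == 0 || pipe(fds) != 0)
        return MODEL_SYSTEM_ERR;
    out[0] = '\0';
    rc = expose_checked(stored, fds[1]);
    close(fds[1]);
    if (rc == MODEL_SUCCESS) {
        ssize_t got = read(fds[0], out, n - 1);
        out[got > 0 ? got : 0] = '\0';
    }
    close(fds[0]);
    return rc;
}
```

expose_unchecked() is kept only for comparison and must not be called with a NULL token; demo() exercises the checked path.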