Re: sudo segfaults on SIGINT during auth

From: Todd C. Miller (Todd.Millerat_private)
Date: Sun Jan 20 2002 - 20:11:39 PST

Next message: frog frog: "Security holes in COWS (CGI Online Worldweb Shopping)"

Previous message: Ben Williams: "Re: m68k shellcode"
In reply to: Charles 'core' Stevenson: "sudo segfaults on SIGINT during auth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Someone else reported this on an old version of RedHat.  I
don't see the problem with Linux-PAM 0.72 or 0.75 but try
this diff.

 - todd

Index: auth/pam.c
===================================================================
RCS file: /home/cvs-sudo/sudo/auth/pam.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- auth/pam.c	20 Jan 2002 00:46:44 -0000	1.24
+++ auth/pam.c	20 Jan 2002 19:21:33 -0000	1.25
@@ -221,7 +221,9 @@
 		/* Read the password. */
 		pr->resp = estrdup((char *) tgetpass(p,
 		    def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags));
-		if (pr->resp == NULL || *pr->resp == '\0')
+		if (pr->resp == NULL)
+		    pr->resp = "";
+		if (*pr->resp == '\0')
 		    nil_pw = 1;		/* empty password */
 		break;
 	    case PAM_TEXT_INFO:

Next message: frog frog: "Security holes in COWS (CGI Online Worldweb Shopping)"
Previous message: Ben Williams: "Re: m68k shellcode"
In reply to: Charles 'core' Stevenson: "sudo segfaults on SIGINT during auth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 21 2002 - 10:36:14 PST