Bug 30357

Summary: core dump in libpam.so when parsing config file
Product: Base System
Reporter: Edward Counce <edward.counce>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.3-RELEASE   
Hardware: Any   
OS: Any   

Description Edward Counce 2001-09-05 22:40:02 UTC
While parsing the configuration file, numeric (jump) actions in the newer control flag syntax may cause a core dump.

Fix: 

/* observe action type */
-       for (act=0; act<=-_PAM_ACTION_UNDEF; ++act) {
+       for (act=0; act<-_PAM_ACTION_UNDEF; ++act) {
            len = strlen(_pam_token_actions[act]);
            if (!strncmp(_pam_token_actions[act], tok, len)) {
                act *= -1;--7Czsb6H5W3q8Z1HoXWQ0IogZaHIYLgY9ByU877R4kj4U4jWA

Index: pam_misc.c
===================================================================
RCS file: /home/ncvs/src/contrib/libpam/libpam/pam_misc.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 pam_misc.c
--- pam_misc.c  18 Nov 1998 01:16:19 -0000      1.1.1.1
+++ pam_misc.c  5 Sep 2001 21:16:36 -0000
@@ -278,7 +278,7 @@
        }
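Review bot: the corrected bound `act<-_PAM_ACTION_UNDEF` in the `for` loop is still only right if `_pam_token_actions` has exactly `-_PAM_ACTION_UNDEF` entries, and nothing in the hunk enforces that. Consider deriving the bound from the table itself (`sizeof(_pam_token_actions)/sizeof(_pam_token_actions[0])`), or adding a comment or compile-time check beside the table, so that adding an action later cannot reintroduce the out-of-range `strlen(_pam_token_actions[act])` call. A regression test that parses the `[success=1 default=ignore]` line from How-To-Repeat would also be worth adding.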
How-To-Repeat: add to /etc/pam.conf:

sshd auth [success=1 default=ignore] pam_tacplus.so
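
Why only numeric tokens such as the `1` in `success=1` reach the bad index, as an added example that is not FreeBSD's or Linux-PAM's code: it models the lookup loop from the patch with an assumed six-entry table and records the out-of-range index instead of reading it. `token_actions`, `ACTION_UNDEF`, `lookup_action`, the action names and the jump cap are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed model of the table in the patch: six named actions, UNDEF = -6.
 * Names and values are illustrative, not copied from pam_misc.c. */
#define ACTION_UNDEF (-6)
static const char *const token_actions[] = {
    "ignore", "ok", "done", "bad", "die", "reset"
};
#define N_ACTIONS ((int)(sizeof token_actions / sizeof token_actions[0]))

/* Look up one action token such as "ignore" or "1".
 * inclusive != 0 reproduces the pre-patch bound (act <= -UNDEF).
 * An out-of-range index is recorded in *oob instead of being read; that
 * is the access where the original strlen() would run off the table.
 * Returns -index for a named action, the count for a positive jump
 * (capped at 255, an arbitrary limit for this example), else ACTION_UNDEF. */
int lookup_action(const char *tok, int inclusive, int *oob)
{
    int bound = inclusive ? -ACTION_UNDEF + 1 : -ACTION_UNDEF;
    char *end;
    long jump;

    *oob = 0;
    for (int act = 0; act < bound; ++act) {
        if (act >= N_ACTIONS) {           /* index past the last entry */
            *oob = 1;
            break;
        }
        size_t len = strlen(token_actions[act]);
        if (!strncmp(token_actions[act], tok, len))
            return -act;                  /* named action: loop ends early */
    }
    jump = strtol(tok, &end, 10);         /* no name matched: try a jump */
    if (end == tok || *end != '\0' || jump <= 0 || jump > 255)
        return ACTION_UNDEF;
    return (int)jump;
}

int main(void)
{
    const char *toks[] = { "ignore", "1" };   /* from the How-To-Repeat line */
    for (int i = 0, oob; i < 2; ++i) {
        int r = lookup_action(toks[i], 1, &oob);
        printf("%-6s old bound: result=%d out_of_bounds=%d\n", toks[i], r, oob);
    }
    return 0;
}
```

A named action returns before the loop reaches the end of the table, so with the old bound only tokens that match no name, such as jump counts, walk on to the index one past the last entry.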
Comment 1 Peter Pentchev freebsd_committer freebsd_triage 2001-09-13 09:26:04 UTC
State Changed
From-To: open->closed

I just committed to -stable a similar fix taken from the newer 
PAM sources in -current. 

Thank you for the PR!