From simon@comsys.ntu-kpi.kiev.ua  Thu Jul  7 09:09:16 2005
Message-Id: <20050707090709.GA384@pm514-9.comsys.ntu-kpi.kiev.ua>
Date: Thu, 7 Jul 2005 12:07:09 +0300
From: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [patch] double free() in openpam

>Number:         83085
>Category:       bin
>Synopsis:       [patch] double free() in openpam
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 07 09:10:11 GMT 2005
>Closed-Date:    Sat Nov 11 01:00:43 GMT 2006
>Last-Modified:  Sat Nov 11 01:00:43 GMT 2006
>Originator:     Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
>Release:        FreeBSD 5.4-RELEASE-p1 i386
>Organization:
>Environment:
>Description:

Double free() in openpam library was found.

>How-To-Repeat:

Add something like this to /etc/pam.d/login:

----------------
auth		required	pam_nologin.so
wrong line
----------------

and try to log in on another console (and don't forget to restore
/etc/pam.d/login after the test!).

>Fix:
diff -ruN openpam.orig/lib/openpam_configure.c openpam/lib/openpam_configure.c
--- openpam.orig/lib/openpam_configure.c	Wed Jul  6 19:15:00 2005
+++ openpam/lib/openpam_configure.c	Wed Jul  6 20:16:43 2005
@@ -327,7 +327,6 @@
 	}
 	return (PAM_SUCCESS);
  load_err:
-	openpam_clear_chains(pamh->chains);
 	return (PAM_SYSTEM_ERR);
 }
 
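Review bot: at the load_err label, removing openpam_clear_chains(pamh->chains) leaves the error return with no cleanup at all in this function, so any chain entries built before the bad configuration line stay allocated unless a caller frees them, and nothing in the hunk shows that one does. If the double free comes from a caller clearing the same chains again after PAM_SYSTEM_ERR is returned, a safer change is to keep this call and make the cleanup safe to repeat (reset the freed chain pointers to NULL), or at least add a comment at load_err stating which function owns cleanup on failure.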
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: keramida 
Responsible-Changed-When: Thu Jul 7 09:48:21 GMT 2005 
Responsible-Changed-Why:  
Assign to our OpenPAM maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=83085 
State-Changed-From-To: open->patched 
State-Changed-By: des 
State-Changed-When: Sun Jul 17 21:42:22 GMT 2005 
State-Changed-Why:  
HEAD and RELENG_6 already fixed. 


From: des@des.no (Dag-Erling Smørgrav)
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/83085: [patch] double free() in openpam
Date: Sun, 17 Jul 2005 23:41:45 +0200

 1) the patch is incorrect.  it replaces a potential double free with a
    potential memory leak.
 
 2) this bug was fixed (correctly) in OpenPAM Feterita six months ago.
 
 DES
 -- 
 Dag-Erling Smørgrav - des@des.no
 
State-Changed-From-To: patched->closed 
State-Changed-By: des 
State-Changed-When: Sat Nov 11 01:00:39 UTC 2006 
State-Changed-Why:  
OBE 

>Unformatted:
