From netch@lucky.net  Thu Aug 23 19:18:35 2007
Return-Path: <netch@lucky.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8B78B16A417
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 23 Aug 2007 19:18:35 +0000 (UTC)
	(envelope-from netch@lucky.net)
Received: from relay3.lucky.net (aleph.carrier.kiev.ua [193.193.193.120])
	by mx1.freebsd.org (Postfix) with ESMTP id 1224613C457
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 23 Aug 2007 19:18:34 +0000 (UTC)
	(envelope-from netch@lucky.net)
Received: from burka.carrier.kiev.ua (root@burka.carrier.kiev.ua [193.193.193.107])
	by relay3.lucky.net (8) with ESMTP id l8NIdIXS091930
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 23 Aug 2007 21:39:18 +0300 (EEST)
	(envelope-from netch@lucky.net)
Received: from burka.carrier.kiev.ua (netch@localhost [127.0.0.1])
	by burka.carrier.kiev.ua with ESMTP id l7NIbKRH058795;
	Thu, 23 Aug 2007 21:37:21 +0300 (EEST)
	(envelope-from netch@burka.carrier.kiev.ua)
Received: (from netch@localhost)
	by burka.carrier.kiev.ua (8.13.8/8.13.8/Submit) id l7NIbK3t058792;
	Thu, 23 Aug 2007 21:37:20 +0300 (EEST)
	(envelope-from netch)
Message-Id: <200708231837.l7NIbK3t058792@burka.carrier.kiev.ua>
Date: Thu, 23 Aug 2007 21:37:20 +0300 (EEST)
From: Valentin Nechayev <netch@lucky.net>
Reply-To: Valentin Nechayev <netch@lucky.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: uucpd from net/freebsd-uucp traps with PAM and unknown user
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         115765
>Category:       ports
>Synopsis:       uucpd from net/freebsd-uucp traps with PAM and unknown user
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    dinoex
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 23 19:20:02 GMT 2007
>Closed-Date:    Mon Sep 10 12:03:04 CEST 2007
>Last-Modified:  Mon Sep 10 12:03:04 CEST 2007
>Originator:     Valentin Nechayev
>Release:        FreeBSD 6.2-RELEASE-p1 i386
>Organization:
Lucky Net Ltd.
>Environment:
System: FreeBSD 6.2-RELEASE-p1
Port version: freebsd-uucp-pam-1.07.2

>Description:

In port net/freebsd-uucp:

When compiled with PAM, uucpd shows the following bug: if user specified
in command line is unknown, getpwnam() returns NULL; then, auth_pam()
tries to extract pw->pw_name and gets SIGSEGV.

gdb'ing of core file shows:

#0  0x08049778 in auth_pam () at uucpd.c:354
354             cred_t auth_cred = { pw->pw_name, passwd };
(gdb) p pw
$1 = (struct passwd *) 0x0

This isn't kind of security problem but rather annoys.

>How-To-Repeat:

Compile and install the port, start uucpd from inetd or command line,
enter unknown user and arbitrary password.

>Fix:

Patch uucpd.c (I don't know whether to better patch by port system
or in repository) with the following patch.
I also added sleep(3) on bad login according to common practice.

--- uucpd.c.0	Thu Jan  8 20:28:23 2004
+++ uucpd.c	Thu Aug 23 21:25:22 2007
@@ -173,6 +173,7 @@
 	syslog(LOG_AUTHPRIV|LOG_NOTICE,
 	    "LOGIN FAILURE FROM %s, %s", remotehost, name);
 
+	sleep(3);
 	fprintf(stderr, "Login incorrect.\n");
 	exit(1);
 }
@@ -208,6 +209,8 @@
 
 	/* pw might get changed by auth_pam */
 	pw = getpwnam(user);
+	if (pw == NULL)
+		badlogin(user);
 
 #ifdef USE_PAM
 	/*
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->dinoex 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Thu Aug 23 19:20:18 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115765 
State-Changed-From-To: open->analyzed 
State-Changed-By: dinoex 
State-Changed-When: Sun Sep 9 20:38:37 CEST 2007 
State-Changed-Why:  
- path in patch was wrong, it does now apply cleanly 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115765 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/115765: commit references a PR
Date: Mon, 10 Sep 2007 09:16:29 +0000 (UTC)

 dinoex      2007-09-10 09:16:23 UTC
 
   FreeBSD ports repository
 
   Modified files:
     net/freebsd-uucp     Makefile distinfo 
   Removed files:
     net/freebsd-uucp/files patch-uucico-Makefile 
   Log:
   - update to 1.07.3
     fix linking with option ENCRYPTED_PASSWORDS
     fix traps with PAM and unknown user
   PR:             115765
   Submitted by:   Valentin Nechayev
   
   Revision  Changes    Path
   1.43      +1 -1      ports/net/freebsd-uucp/Makefile
   1.18      +3 -3      ports/net/freebsd-uucp/distinfo
   1.2       +0 -13     ports/net/freebsd-uucp/files/patch-uucico-Makefile (dead)
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: analyzed->closed 
State-Changed-By: dinoex 
State-Changed-When: Mon Sep 10 12:02:49 CEST 2007 
State-Changed-Why:  
committed, thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115765 
>Unformatted:
