[OATH-Toolkit-help] Bug#742140: libpam-oath: PAM module does not check w

oath-toolkit-help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[OATH-Toolkit-help] Bug#742140: libpam-oath: PAM module does not check w

From:	Florian Weimer
Subject:	[OATH-Toolkit-help] Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded
Date:	Thu, 06 Nov 2014 19:51:25 +0100

* Andreas Barth:

> we have the following debian bug report about an security isuse in
> libpam-oath (source oath-toolkit, upstream web page
> http://www.nongnu.org/oath-toolkit/ ).
>
> What is the appropriate process to get an CVE number on it? This issue
> is already public, as it is documented in the debian bug tracking
> system.

Does this actually have any application impact?  Not checking for
error on malloc failure is extremely common, and many applications use
wrappers such as xmalloc which explicitly terminate the process on
malloc failure.

[Prev in Thread]

Current Thread

[Next in Thread]

[OATH-Toolkit-help] Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded, Andreas Barth, 2014/11/06
- [OATH-Toolkit-help] Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded, Florian Weimer <=
- [OATH-Toolkit-help] Bug#742140: [oss-security] Re: Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded, Russ Allbery, 2014/11/06

Prev by Date: [OATH-Toolkit-help] Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded
Next by Date: [OATH-Toolkit-help] Bug#742140: [oss-security] Re: Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded
Previous by thread: [OATH-Toolkit-help] Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded
Next by thread: [OATH-Toolkit-help] Bug#742140: [oss-security] Re: Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded
Index(es):
- Date
- Thread