oath-toolkit-help

[OATH-Toolkit-help] Bug#742140: libpam-oath: PAM module does not check w


From: Andreas Barth
Subject: [OATH-Toolkit-help] Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded
Date: Thu, 6 Nov 2014 15:42:01 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

Hi,

we have the following Debian bug report about a security issue in
libpam-oath (source oath-toolkit, upstream web page
http://www.nongnu.org/oath-toolkit/ ).

What is the appropriate process to get a CVE number on it? This issue
is already public, as it is documented in the Debian bug tracking
system.


Andi

* Eero Häkkinen (address@hidden) [141106 14:31]:
> Package: libpam-oath
> Version: 2.0.2-2
> Severity: grave
> Tags: security upstream patch
> 
> The OATH Toolkit PAM module does not check whether strdup allocations 
> succeeded. This may result in null pointer dereference and application 
> crash.
> 
> Depending on the use of the PAM module, this may be remotely exploitable.

> diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
> index 8379358..e2d3363 100644
> --- a/pam_oath/pam_oath.c
> +++ b/pam_oath/pam_oath.c
> @@ -146,6 +146,12 @@ pam_sm_authenticate (pam_handle_t * pamh,
>    char *query_prompt = NULL;
>    char *onlypasswd = strdup ("");    /* empty passwords never match */
>  
> +  if (!onlypasswd)
> +    {
> +      retval = PAM_BUF_ERR;
> +      goto done;
> +    }
> +
>    parse_cfg (flags, argc, argv, &cfg);
>  
>    retval = pam_get_user (pamh, &user, NULL);
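
Review bot: The new `goto done` after `strdup ("")` at the top of pam_sm_authenticate is taken before `parse_cfg (flags, argc, argv, &cfg)` has run, so `cfg` has not been filled in when control reaches the `done` label. The code at `done` is not visible in this hunk; if it reads any `cfg` field (for debug output or to adjust `retval`), this path reads uninitialized data. Suggest moving the allocation and its check below `parse_cfg`, or returning `PAM_BUF_ERR` directly here instead of jumping to `done`.
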
> @@ -265,6 +271,11 @@ pam_sm_authenticate (pam_handle_t * pamh,
>      {
>        free (onlypasswd);
>        onlypasswd = strdup (password);
> +      if (!onlypasswd)
> +        {
> +          retval = PAM_BUF_ERR;
> +          goto done;
> +        }
>  
>        /* user entered their system password followed by generated OTP? */
>  
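
Review bot: The failure path added after `onlypasswd = strdup (password)` reaches `done` with `onlypasswd` set to NULL, since the previous buffer was freed on the line above. Confirm that the code at `done` (not shown in this hunk) only passes it to `free`, which accepts NULL, and never dereferences it. Consider also logging the allocation failure before the jump, so that an out-of-memory `PAM_BUF_ERR` can be told apart from a rejected OTP in the logs.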
