Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segfault when using pam_gate.so #1

Open
seren opened this issue Aug 4, 2017 · 1 comment
Open

Segfault when using pam_gate.so #1

seren opened this issue Aug 4, 2017 · 1 comment

Comments

@seren
Copy link

seren commented Aug 4, 2017

I'm testing pam_gate.so on Ubuntu 14.04.5, and am getting segfaults:

$ sudo ls
[sudo] password for testuser:
Segmentation fault (core dumped)

This shows up in the syslog:

Aug  4 17:53:00 vpn-test2 kernel: [255650.618605] sudo[3775]: segfault at 0 ip 00007fc20776b467 sp 00007ffca3de53b0 error 4 in libc-2.19.so[7fc20772e000+1be000]

and then 2 minutes later this:

Aug  4 17:55:01 vpn-test2 kernel: [255771.640580] cron[3777]: segfault at 0 ip 00007f259d9123e8 sp 00007ffd676137b0 error 4 in pam_gate.so[7f259d911000+3000]

Interestingly, this doesn't segfault when the password is incorrect:

$ sudo ls
[sudo] password for testuser:
Sorry, try again.
[sudo] password for testuser:
Sorry, try again.
[sudo] password for testuser:
Sorry, try again.
sudo: 3 incorrect password attempts

My testing setup process (adapted from the setup.sh script) is:

$ apt-get update >/dev/null

$ apt-get install -y libpam0g-dev libcurl4-gnutls-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
libcurl4-gnutls-dev is already the newest version.
libpam0g-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 28 not upgraded.

$ make
cc -Werror -Wall -o check_gate src/check_gate.c -lpam -lpam_misc
cc -Werror -Wall -fPIC -shared -Xlinker -x -o pam_gate.so src/pam_gate.c -lcurl

$ cp pam_gate.so /lib/*-linux-gnu/security/

$ cp pam_gate.so /lib/*-linux-gnu/

$ echo "auth sufficient pam_gate.so url=http://localhost:3000/profile/authenticate_pam" >> /etc/pam.d/common-auth
$ echo "account sufficient pam_gate.so" >> /etc/pam.d/common-auth
@theRustyKnife
Copy link

theRustyKnife commented Aug 14, 2017
edited
Loading

I ran into this issue as well and after some investigation I came to the following conclusion:

In src/pam_gate.c on line 260, there is a call to atoi where the parameter is not checked for NULL values. That, for some reason, is not throwing any meaningful error, but segfaulting instead.
What I did to fix it was changing the line from

pMinUserId = atoi(getArg("min_user_id", argc, argv));

to

const char *tmpPMinUserId = getArg("min_user_id", argc, argv);
pMinUserId = (tmpPMinUserId == NULL) ? 0 : atoi(tmpPMinUserId);

That being said, I have no idea if this is actually correct as I don't really know what pMinUserId means... It seems to work tho.

EDIT: Ok, I'm still getting segfaults, just on a different occasion. Also, this got thrown at me once:

shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
sh: 0: getcwd() failed: No such file or directory

EDIT2: Now I can't reproduce the second segfault again. I have no idea what's going on here...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@seren @theRustyKnife