Vulnerability Development mailing list archives

Re: Segfault in login on debian potatoR2


From: BORBELY Zoltan <bozo () ANDREWS HU>
Date: Sat, 10 Mar 2001 11:02:42 +0100

On Fri, Mar 09, 2001 at 04:04:11PM -0800, Mike Fedyk wrote:
I don't know if this could be exploited in any way, but here's something
that I've seen.  This is on x86 on two machines and a ppc g3.

#su
#login
login:
^D
Segmentation fault

Maybe you guys can check this more.

I've checked it in RedHat Linux 7.0/i386:

[bozo@dolphin bozo]$ login
login:
login:
Segmentation fault (core dumped)
[bozo@dolphin bozo]$ gdb /bin/login core
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(no debugging symbols found)...
Core was generated by `login'.
Program terminated with signal 11, Segmentation fault.

[...]

#0  strncpy (s1=0xbfffd58c "", s2=0x0, n=32) at ../sysdeps/generic/strncpy.c:41
41      ../sysdeps/generic/strncpy.c: No such file or directory.
(gdb)

This is a simple NULL pointer dereference:
strncpy(0xbfffd58c, NULL, 32);
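
The call in frame #0, reconstructed as an added example (not part of the original post and not the actual login source): it assumes a hypothetical prompt helper, `read_login_name`, that returns NULL at end of input, and puts the unchecked copy beside a checked one. All function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN 32  /* same size as n=32 in the backtrace */

/* Hypothetical prompt helper: returns NULL when the user sends EOF (^D). */
char *read_login_name(FILE *in, char *line, size_t size)
{
    if (fgets(line, (int)size, in) == NULL)
        return NULL;
    line[strcspn(line, "\n")] = '\0';   /* drop the trailing newline */
    return line;
}

/* Crashing pattern, never called here: on EOF this is strncpy(dst, NULL, 32). */
void copy_name_unchecked(char *dst, FILE *in)
{
    char line[128];
    strncpy(dst, read_login_name(in, line, sizeof line), NAME_LEN);
}

/* Checked form: 0 with a terminated name in dst, -1 on EOF or an empty line. */
int copy_name_checked(char *dst, FILE *in)
{
    char line[128];
    const char *name = read_login_name(in, line, sizeof line);
    dst[0] = '\0';
    if (name == NULL || name[0] == '\0')
        return -1;                      /* caller re-prompts or exits */
    strncpy(dst, name, NAME_LEN - 1);
    dst[NAME_LEN - 1] = '\0';           /* strncpy does not terminate on truncation */
    return 0;
}

/* Feed constructed input through a temporary file standing in for the terminal. */
int try_input(const char *input, char *dst)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    fputs(input, f);
    rewind(f);
    int rc = copy_name_checked(dst, f);
    fclose(f);
    return rc;
}

int main(void)
{
    char name[NAME_LEN];
    return try_input("", name) == -1 ? 0 : 1;   /* constructed EOF-only input */
}
```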

