Vulnerability Development mailing list archives

Re: sudo segfaults on SIGINT during auth

From: "Todd C. Miller" <Todd.Miller () courtesan com>
Date: Sun, 20 Jan 2002 21:11:39 -0700

Someone else reported this on an old version of RedHat.  I
don't see the problem with Linux-PAM 0.72 or 0.75 but try
this diff.

 - todd

Index: auth/pam.c
===================================================================
RCS file: /home/cvs-sudo/sudo/auth/pam.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- auth/pam.c  20 Jan 2002 00:46:44 -0000      1.24
+++ auth/pam.c  20 Jan 2002 19:21:33 -0000      1.25
@@ -221,7 +221,9 @@
                /* Read the password. */
                pr->resp = estrdup((char *) tgetpass(p,
                    def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags));
-               if (pr->resp == NULL || *pr->resp == '\0')
+               if (pr->resp == NULL)
+                   pr->resp = "";
+               if (*pr->resp == '\0')
                    nil_pw = 1;         /* empty password */
                break;
            case PAM_TEXT_INFO:

Current thread:

sudo segfaults on SIGINT during auth Charles 'core' Stevenson (Jan 20)
- Re: sudo segfaults on SIGINT during auth Todd C. Miller (Jan 21)