diff options
authorYan Ka Chiu <nyan@myuji.xyz>2022-05-22 16:33:02 +0000
committerMark Johnston <markj@FreeBSD.org>2022-07-25 21:01:46 +0000
commit26db194f3db1238b9339bde23a82def8cfee10b1 (patch)
parentc48048ebdbed0901dacf1632af3b3db600533e64 (diff)
pam_exec: fix segfault when authtok is null
According to pam_exec(8), the `expose_authtok` option should be ignored when the service function is `pam_sm_setcred`. Currently `pam_exec` only prevent prompt for anth token when `expose_authtok` is set on `pam_sm_setcred`. This subsequently led to segfault when there isn't an existing auth token available. Bug reported on this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893 After reading https://reviews.freebsd.org/rS349556 I am not sure if the default behaviour supposed to be simply not prompt for authentication token, or is it to ignore the option entirely as stated in the man page. This patch is therefore only adding an additional NULL check on the item `pam_get_item` provide, and exit with `PAM_SYSTEM_ERR` when such item is NULL. Approved by: so Security: FreeBSD-EN-22:19.pam_exec MFC after: 1 week Reviewed by: des, khng Differential Revision: https://reviews.freebsd.org/D35169 (cherry picked from commit b75e0eed345d2ab047a6b1b00a9a7c3bf92e992c) (cherry picked from commit ea80848e1c0639e2ac8d3f974ddb9c6233491eb3)
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/libpam/modules/pam_exec/pam_exec.c b/lib/libpam/modules/pam_exec/pam_exec.c
index b8f2e1d8fdfc..ef2680d80525 100644
--- a/lib/libpam/modules/pam_exec/pam_exec.c
+++ b/lib/libpam/modules/pam_exec/pam_exec.c
@@ -261,6 +261,13 @@ _pam_exec(pam_handle_t *pamh,
/* don't prompt, only expose existing token */
rc = pam_get_item(pamh, PAM_AUTHTOK, &item);
authtok = item;
+ if (authtok == NULL && rc == PAM_SUCCESS) {
+ openpam_log(PAM_LOG_ERROR,
+ "%s: pam_get_authtok(): %s",
+ func, "authentication token not available");
+ }
} else {
rc = pam_get_authtok(pamh, PAM_AUTHTOK, &authtok, NULL);