Your message dated Tue, 02 Dec 2008 23:32:03 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#507194: fixed in libpam-mount 0.44-1+lenny3 has caused the Debian Bug report #507194, regarding expand_home() segfaults on <volume user="..."> to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 507194: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507194 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: libpam-mount Version: 0.44-1+lenny2 Severity: grave libpam-mount in lenny segfaults on trying to expand home directories in user="" attributes. I don't have the backtrace at hand (it's kind of hard to write mail when your $HOME cannot be mounted ;), but the problem is as follows: expandconfig() tries to call expand_home() on the mountpoint member of vpt. This field gets a low (text?) memory address, and dereferencing *path segfaults. Even if that worked, the later call free(path) would try to free an array, not a pointer. The broken code was introduced in -1+lenny2 in 08_expand_home_fix.dpatch with the fix for #502146. rdconf1.c: 86 bool expandconfig(const struct config *config) 87 { 88 const char *u = config->user; 89 struct vol *vpt; 90 91 HXlist_for_each_entry(vpt, &config->volume_list, list) { 92 if (!expand_home(u, &vpt->mountpoint) || 278 static bool expand_home(const char *user, char **path_pptr) 279 { 280 char *buf, *path = *path_pptr; 281 struct passwd *pe; 282 size_t size; 283 284 if (path == NULL) 285 return true; 286 if (*path != '~') <-- segfault 287 return true; 298 free(path); <-- tries to free an array 299 *path_pptr = buf; 300 return true; 301 } private.h: 51 struct vol { 68 char mountpoint[PATH_MAX + 1]; <-- not a pointer 72 }; Christoph -- [EMAIL PROTECTED] | http://www.df7cb.de/
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---Source: libpam-mount Source-Version: 0.44-1+lenny3 We believe that the bug you reported is fixed in the latest version of libpam-mount, which is due to be installed in the Debian FTP archive: libpam-mount_0.44-1+lenny3.diff.gz to pool/main/libp/libpam-mount/libpam-mount_0.44-1+lenny3.diff.gz libpam-mount_0.44-1+lenny3.dsc to pool/main/libp/libpam-mount/libpam-mount_0.44-1+lenny3.dsc libpam-mount_0.44-1+lenny3_amd64.deb to pool/main/libp/libpam-mount/libpam-mount_0.44-1+lenny3_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastian Kleineidam <[EMAIL PROTECTED]> (supplier of updated libpam-mount package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 03 Dec 2008 00:13:39 +0100 Source: libpam-mount Binary: libpam-mount Architecture: source amd64 Version: 0.44-1+lenny3 Distribution: testing-security Urgency: high Maintainer: Bastian Kleineidam <[EMAIL PROTECTED]> Changed-By: Bastian Kleineidam <[EMAIL PROTECTED]> Description: libpam-mount - PAM module that can mount volumes for a user session Closes: 507194 507199 507257 507592 Changes: libpam-mount (0.44-1+lenny3) testing-security; urgency=high . * Fix the expand_home segfault by using a much simpler patch for the expand_user() function. (Closes: #507199, #507257, #507592, #507194) Checksums-Sha1: f7bdc58325550adfa218c55b3f551d3e6013ac75 1249 libpam-mount_0.44-1+lenny3.dsc 9c8214c31b2555512624b210debb510544fdb8f9 25926 libpam-mount_0.44-1+lenny3.diff.gz 8e2393b2e8a55c56f1d5c69506d7bd49b982ebaf 105732 libpam-mount_0.44-1+lenny3_amd64.deb Checksums-Sha256: 40da725640fa6749068d4d6693aea2a6032cd6a0725710340f5bb17db077c80a 1249 libpam-mount_0.44-1+lenny3.dsc 4336eeae00ff0b92a544c83eb258232879f60a9a533ae3dffefe30cc286ebf99 25926 libpam-mount_0.44-1+lenny3.diff.gz c1dbb1b89674f9e9f6b4c1496253ca93099ab7c796c028ee8f0deebab3d7bbff 105732 libpam-mount_0.44-1+lenny3_amd64.deb Files: 43d2ac1c868803c174a6f6a1f39644ba 1249 admin extra libpam-mount_0.44-1+lenny3.dsc f19ebf88200b932b409da3d19a25ec94 25926 admin extra libpam-mount_0.44-1+lenny3.diff.gz 5d9bdc7b4b1ea52dc878e2e63241560d 105732 admin extra libpam-mount_0.44-1+lenny3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkk1wioACgkQeBwlBDLsbz47LgCfVk6jCIYsvtE0NEJNXCJEqH7S QcMAn2A+KI8NkB/Vj+XeF9H0qxQik08h =1112 -----END PGP SIGNATURE-----
--- End Message ---
