PAM causes segfault in login(1)

[Maxim Sobolev]

Hi,

I've noticed that new PAM segfaults when I'm typing non-existing login
at console login prompt. Please fix.

-Maxim

FreeBSD/i386 (big_brother) (ttyv0)

login: max1
pid 372 (login), uid 0: exited on signal 11 (core dumped)
 

FreeBSD/i386 (big_brother) (ttyv0)

login: max
Password:
Welcome to FreeBSD!
 
 
Erase is backspace.
bash-2.05$ gdb /usr/bin/login /tmp/core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
(no debugging symbols found)...
Core was generated by `login'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libutil.so.3...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/libcrypt.so.2...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/libpam.so.1...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/libc.so.5...(no debugging symbols found)...done.
Reading symbols from /usr/lib/pam_nologin.so...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/pam_unix.so...done.
Reading symbols from /usr/lib/pam_permit.so...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x28074e33 in crypt_md5 () from /usr/lib/libcrypt.so.2
(gdb) bt
#0  0x28074e33 in crypt_md5 () from /usr/lib/libcrypt.so.2
#1  0x28074c94 in crypt () from /usr/lib/libcrypt.so.2
#2  0x28132aee in pam_sm_authenticate (pamh=0x8055000, flags=0, argc=1,
    argv=0x804f100) at pam_unix.c:95
#3  0x2807bae5 in pam_getenvlist () from /usr/lib/libpam.so.1
#4  0x2807bdf1 in _pam_dispatch () from /usr/lib/libpam.so.1
#5  0x2807b18b in pam_authenticate () from /usr/lib/libpam.so.1
#6  0x804ae41 in free ()
#7  0x8049fea in free ()
#8  0x8049b61 in free ()
(gdb) up
#1  0x28074c94 in crypt () from /usr/lib/libcrypt.so.2
(gdb) up
#2  0x28132aee in pam_sm_authenticate (pamh=0x8055000, flags=0, argc=1,
    argv=0x804f100) at pam_unix.c:95
95                      crypt(password, "xx");
(gdb) print password
$1 = 0x1 <Address 0x1 out of bounds>
(gdb) q
bash-2.05$