tech-toolchain archive


Re: libpam segfault when passwd passes NULL pamh (was Re: gcc -O2 produces invalid object code (x86_64, netbsd-5 branch))



Sorry if my reply sounded more rude than intended.

On Mon, Mar 08, 2010 at 01:10:58PM -0500, Richard Hansen wrote:
> 
> With the segfault I'm seeing, pam_start() isn't returning success.
> The problem is that passwd calls pam_end() as part of its cleanup
> routine, and this routine is executed even when pam_start() returns
> failure.  See pwpam_process() in src/usr.bin/passwd/pam_passwd.c.

Ah. Right, that's a bug.

> My interpretation of pam_end(3) is that a NULL pamh is not
> prohibited, which would mean that passwd is not doing anything
> wrong.

I disagree. The handle is an abstract opaque type. An implementation that
only ever allows a single PAM context being open could just return NULL
all the time for pam_start and it would be within the spec. The
openpam(3) implementation never returns NULL for pam_start and
therefore, NULL is not a valid handle to pass down to pam_end.

Joerg
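
The cleanup pattern discussed in this message, as an added example that is not part of the original post and is not code from passwd or OpenPAM: the handle is ended only when the start call reported success, instead of unconditionally in the cleanup routine. The `fake_pam_*` functions, the error values and `change_password()` are hypothetical stand-ins so the block runs without libpam.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the PAM API (NOT libpam/OpenPAM code). */
enum { FAKE_PAM_SUCCESS = 0, FAKE_PAM_SYSTEM_ERR = 4 };  /* constructed values */
typedef struct fake_pam_handle { const char *service; } fake_pam_handle_t;

static int null_end_calls;  /* times fake_pam_end() was handed a NULL handle */
static int live_handles;    /* contexts started but not yet ended */

/* Like pam_start(): on failure no context exists and *pamh stays NULL. */
static int fake_pam_start(const char *service, fake_pam_handle_t **pamh) {
    *pamh = NULL;
    if (service == NULL || *service == '\0')
        return FAKE_PAM_SYSTEM_ERR;
    fake_pam_handle_t *h = malloc(sizeof *h);
    if (h == NULL)
        return FAKE_PAM_SYSTEM_ERR;
    h->service = service;
    live_handles++;
    *pamh = h;
    return FAKE_PAM_SUCCESS;
}

/* Like pam_end(): the stand-in counts a NULL handle instead of crashing. */
static int fake_pam_end(fake_pam_handle_t *pamh, int status) {
    (void)status;
    if (pamh == NULL) {
        null_end_calls++;
        return FAKE_PAM_SYSTEM_ERR;
    }
    free(pamh);
    live_handles--;
    return FAKE_PAM_SUCCESS;
}

/* Caller whose cleanup tracks start success, not the opaque handle's value. */
static int change_password(const char *service) {
    fake_pam_handle_t *pamh = NULL;
    int started = 0;
    int rc = fake_pam_start(service, &pamh);
    if (rc != FAKE_PAM_SUCCESS)
        goto out;
    started = 1;
    /* ... the password-change conversation would run here ... */
out:
    if (started)
        fake_pam_end(pamh, rc);
    return rc;
}
```
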

