tech-toolchain archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: libpam segfault when passwd passes NULL pamh (was Re: gcc -O2 produces invalid object code (x86_64, netbsd-5 branch))

Joerg Sonnenberger wrote:
On Mon, Mar 08, 2010 at 03:16:29PM -0500, Richard Hansen wrote:
There's at least one other way pam_start() can fail: if you misspell the name of a pam module in an /etc/pam.d file. (Can you guess how I originally stumbled across the segfault? :-P) A "module not found" message would be useful.

Yes, but that error is not send down in any meaningful way.

I'm not sure what you mean -- passwd prints the error message to stderr. Other apps might not have a useful way to deliver the error message to the user, but that's for the apps to figure out.

We could modify pam_start() to set pamh to NULL on error so that pam_strerror() does the right thing, or we could do what we're doing now and simply ignore pamh in pam_strerror().

I think the problem will remain the same though -- you can't assume pam_strerror will work after a failing pam_start.

We can if pam_strerror(3) says it will.  :)

It doesn't make much sense either.

If pam_start() set pamh to NULL on error, then pam_strerror() would know that NULL meant a failure in pam_start(). Upon invocation with pamh=NULL, pam_strerror() could either return a generic message corresponding to the error_number (as it does right now), or it could do some sleuthing to generate a more detailed message (such as "module /misspelled/path/to/ not found") in a static buffer.


Home | Main Index | Thread Index | Old Index