Re: libpam segfault when passwd passes NULL pamh (was Re: gcc -O2 produces invalid object code (x86_64, netbsd-5 branch))

[Richard Hansen <rhansen%bbn.com@localhost>]

Richard Hansen wrote:
> We could modify pam_start() to set pamh to NULL on error so that 
> pam_strerror() does the right thing, or we could do what we're doing now 
> and simply ignore pamh in pam_strerror().  See the attached patch.

Sorry, forgot to attach.  *sigh*

-Ricard

Index: usr.bin/passwd/pam_passwd.c
===================================================================
RCS file: /NETBSD-CVS/src/usr.bin/passwd/pam_passwd.c,v
retrieving revision 1.4
diff -u -r1.4 pam_passwd.c
--- usr.bin/passwd/pam_passwd.c 6 May 2007 09:19:44 -0000       1.4
+++ usr.bin/passwd/pam_passwd.c 8 Mar 2010 20:12:11 -0000
@@ -73,6 +73,7 @@
 pwpam_process(const char *username, int argc, char **argv)
 {
        int ch, pam_err;
+       int pam_start_successful = 0;
        char hostname[MAXHOSTNAMELEN + 1];
 
        while ((ch = getopt(argc, argv, "")) != -1) {
@@ -103,6 +104,7 @@
        /* initialize PAM -- always use the program name "passwd" */
        pam_err = pam_start("passwd", username, &pamc, &pamh);
        pam_check("unable to start PAM session");
+       pam_start_successful = 1;
 
        pam_err = pam_set_item(pamh, PAM_TTY, ttyname(STDERR_FILENO));
        pam_check("unable to set TTY");
@@ -121,7 +123,8 @@
                    pam_strerror(pamh, pam_err));
 
  end:
-       pam_end(pamh, pam_err);
+       if (pam_start_successful)
+           pam_end(pamh, pam_err);
        if (pam_err == PAM_SUCCESS)
                return;
        exit(1);
Index: dist/openpam/doc/man/pam_end.3
===================================================================
RCS file: /NETBSD-CVS/src/dist/openpam/doc/man/pam_end.3,v
retrieving revision 1.5
diff -u -r1.5 pam_end.3
--- dist/openpam/doc/man/pam_end.3      27 Jan 2008 01:22:56 -0000      1.5
+++ dist/openpam/doc/man/pam_end.3      8 Mar 2010 20:12:11 -0000
@@ -55,6 +55,10 @@
 function terminates a PAM transaction and destroys the
 corresponding PAM context, releasing all resources allocated to it.
 .Pp
+This function must not be called if the corresponding call to
+.Xr pam_start 3
+failed.
+.Pp
 The
 .Fa status
 argument should be set to the error code returned by the
@@ -71,6 +75,7 @@
 .El
 .Sh SEE ALSO
 .Xr pam 3 ,
+.Xr pam_start 3 ,
 .Xr pam_strerror 3
 .Sh STANDARDS
 .Rs
Index: dist/openpam/doc/man/pam_strerror.3
===================================================================
RCS file: /NETBSD-CVS/src/dist/openpam/doc/man/pam_strerror.3,v
retrieving revision 1.5
diff -u -r1.5 pam_strerror.3
--- dist/openpam/doc/man/pam_strerror.3 27 Jan 2008 01:22:58 -0000      1.5
+++ dist/openpam/doc/man/pam_strerror.3 8 Mar 2010 20:12:11 -0000
@@ -58,6 +58,15 @@
 argument, in the context of the PAM transaction described by the
 .Fa pamh
 argument.
+.Pp
+Unlike other PAM functions, this function may be called even if the
+call to
+.Xr pam_start 3
+failed.  Be sure to use the handle returned by the failed
+.Xr pam_start 3
+call as the
+.Fa pamh
+argument.
 .Sh RETURN VALUES
 The
 .Nm