  1. RHEL
  2. RHEL-151313

pwck crashes with segmentation fault when executed as a user


    • Bug
    • Resolution: Unresolved
    • Normal
    • rhel-8.10.z
    • shadow-utils
    • Yes
    • Important
    • ZStream, Patch, EasyFix
    • Customer Facing, Customer Reported
    • rhel-idm-zta

      What were you trying to do that didn't work?

      Users executing pwck as a user get a Segmentation Fault.

      This happens because variable shadow_logfd is not initialized to stderr but NULL:

      $ gdb --args pwck
      [...]
      (gdb) run
      Program received signal SIGSEGV, Segmentation fault.
      ___fprintf_chk (fp=0x0, flag=flag@entry=1, format=format@entry=0x55555555dc21 "%s: Permission denied.\n")
          at fprintf_chk.c:30
      30      _IO_acquire_lock_clear_flags2 (fp);
      
      (gdb) f 2
      #2  commonio_lock (db=0x5555557605e0 <passwd_db>) at commonio.c:474
      474                (void) fprintf (shadow_logfd, "%s: Permission denied.\n",
      (gdb) p shadow_logfd 
      $1 = (FILE *) 0x0
      

      Please backport Upstream commit dated *2021*:

      commit d8e54618feea201987c1f3cb402ed50d1d8b604f
      Author: Iker Pedrosa <ipedrosa@redhat.com>
      Date:   Mon Nov 15 12:40:15 2021 +0100
      
          pwck: fix segfault when calling fprintf()
          
          As shadow_logfd variable is not set at the beginning of the program if
          something fails and fprintf() is called a segmentation fault happens.
          
          Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2021339
          
          Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
      ---
       src/pwck.c | 1 +
       1 file changed, 1 insertion(+)
      
      diff --git a/src/pwck.c b/src/pwck.c
      index 4248944a..4ce86af2 100644
      --- a/src/pwck.c
      +++ b/src/pwck.c
      @@ -857,6 +857,7 @@ int main (int argc, char **argv)
               * Get my name so that I can use it to report errors.
               */
              Prog = Basename (argv[0]);
      +       shadow_logfd = stderr;
       
              (void) setlocale (LC_ALL, "");
              (void) bindtextdomain (PACKAGE, LOCALEDIR);
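
      Review bot: The added shadow_logfd = stderr; after Prog = Basename (argv[0]); initializes the pointer only in pwck's main(), while the fprintf() that faults in the trace is in commonio_lock() at commonio.c:474, not in pwck.c. For the backport, check that every other program that can reach commonio_lock() also sets shadow_logfd before its first possible error path, or have the code in commonio.c fall back to stderr when the pointer is NULL. The placement in this hunk is fine: the assignment comes before setlocale() and before any call that can fail.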
      

      What is the impact of this issue to you?

      Annoyance

      Please provide the package NVR for which the bug is seen:

      shadow-utils-4.6-23.el8_10

      How reproducible is this bug?:

      Always, just execute the command as non-root user

              ipedrosa@redhat.com Iker Pedrosa
              rhn-support-rmetrich Renaud Métrich
              Iker Pedrosa Iker Pedrosa
              Anuj Borah Anuj Borah
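
The failure described in this report, a library error path writing to a global FILE pointer that no main() has set, can also be guarded on the library side. The following is an added example, not code from shadow-utils or from the upstream commit; log_fd, log_stream, report_denied and capture_denied are hypothetical names standing in for shadow_logfd and the error path in commonio_lock().

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the shared log stream; NULL until a main() sets it. */
static FILE *log_fd = NULL;

/* Return a usable stream even when no caller initialised log_fd. */
static FILE *log_stream(void)
{
    return log_fd != NULL ? log_fd : stderr;
}

/* Library-side error path modelled on the "Permission denied" message in the
 * trace. Returns the number of bytes written, or a negative value on error. */
int report_denied(const char *prog)
{
    return fprintf(log_stream(), "%s: Permission denied.\n", prog);
}

/* Redirect the log to a temporary file, run the error path, copy back the
 * logged line, then restore the previous stream. Returns bytes written or -1. */
int capture_denied(const char *prog, char *buf, size_t len)
{
    FILE *saved = log_fd;
    FILE *tmp;
    int n;

    if (len == 0 || (tmp = tmpfile()) == NULL)
        return -1;
    log_fd = tmp;
    n = report_denied(prog);
    log_fd = saved;
    rewind(tmp);
    if (fgets(buf, (int)len, tmp) == NULL)
        buf[0] = '\0';
    fclose(tmp);
    return n;
}

int main(void)
{
    char line[64];

    /* log_fd is still NULL here; passing it straight to fprintf() is the
     * NULL dereference shown in the gdb trace. The accessor avoids it. */
    report_denied("pwck");
    capture_denied("pwck", line, sizeof line);
    printf("captured: %s", line);
    return 0;
}
```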