Re: BUG #5121: Segmentation Fault when using pam w/ krb5

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>, "Douglas, Ryan" <RDouglas(at)arbinet(dot)com>
Cc: pgsql-bugs(at)postgreSQL(dot)org
Subject: Re: BUG #5121: Segmentation Fault when using pam w/ krb5
Date: 2009-10-16 17:57:12
Message-ID: 8927.1255715832@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

I wrote:
> The best idea I can come up with is that the conv_proc is being called
> with zero messages and is dumping core because it tries to print the
> contents of msg[0]. However, it's far from clear why libpam would
> bother to call it with zero messages.

Hah --- found it. (Man, it is so nice working with open source that
you can actually look at...) prompter.c in pam_krb5 has

/* Skip any prompt for which the supplied default answer is the
* previously-entered password -- it's just a waste of the
* user's time. */

So it definitely is possible to call our proc with zero messages, and
whether this will happen or not is probably dependent on the behavior
of the KDC, and even then, ereport might or might not dump core depending
on the contents of the not-allocated msg[0] array member.

I will go and rewrite this function to look more like openssh's,
on the assumption that their version is probably pretty well battle
tested.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Jesse Morris 2009-10-16 18:03:26 Re: Re: BUG #5065: pg_ctl start fails as administrator, with "could not locate matching postgres executable"
Previous Message Robert Haas 2009-10-16 17:53:34 Re: BUG #5118: start-status-insert-fatal