[Slackbuilds-users] [SLiM] Potential NULL pointer dereference

mancha mancha1 at hush.com
Wed Jul 3 04:55:17 UTC 2013


Hello.

When SLiM uses crypt() to authenticate and it returns a NULL
pointer (as glibc 2.17+ does for invalid input such as a
locked account with a "!" prepended password field), then
logging in to such an account via SLiM crashes the daemon.

---
slim[1819]: segfault at 0 ip b7220909 sp bf85deb4 error 4 in libc-
2.17.so[b71a0000+186000]
---

I have been in touch with SLiM's primary developer and he
has committed my fix here:

http://git.berlios.de/cgi-
bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
b

This fix applies cleanly to 1.3.5 and prevents the segfaults
on Slackware-current and is fully backwards compatible
with older Slackware versions.

--mancha

PS. Upon subscribing to the list, my password and other
info (name, email, etc.) were sent cleartext. Having it
go over SSL is very easy to do. Here's a good how-to:
http://wiki.list.org/display/DOC/4.27+Securing+Mailman%27s+web+GUI+b
y+using+Secure+HTTP-SSL



More information about the SlackBuilds-users mailing list