[Slackbuilds-users] [SLiM] Potential NULL pointer dereference

Niels Horn niels.horn at gmail.com
Wed Jul 3 09:59:10 UTC 2013


Thanks for the fix!

I'll include it soonish and submit an update.

--
Niels Horn


On Wed, Jul 3, 2013 at 1:55 AM, mancha <mancha1 at hush.com> wrote:

> Hello.
>
> When SLiM uses crypt() to authenticate and it returns a NULL
> pointer (as glibc 2.17+ does for invalid input such as a
> locked account with a "!" prepended password field), then
> logging in to such an account via SLiM crashes the daemon.
>
> ---
> slim[1819]: segfault at 0 ip b7220909 sp bf85deb4 error 4 in libc-
> 2.17.so[b71a0000+186000]
> ---
>
> I have been in touch with SLiM's primary developer and he
> has committed my fix here:
>
> http://git.berlios.de/cgi-
> bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
> b
>
> This fix applies cleanly to 1.3.5 and prevents the segfaults
> on Slackware-current and is fully backwards compatible
> with older Slackware versions.
>
> --mancha
>
> PS. Upon subscribing to the list, my password and other
> info (name, email, etc.) were sent cleartext. Having it
> go over SSL is very easy to do. Here's a good how-to:
> http://wiki.list.org/display/DOC/4.27+Securing+Mailman%27s+web+GUI+b
> y+using+Secure+HTTP-SSL
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20130703/0f6ac959/attachment-0001.html>


More information about the SlackBuilds-users mailing list