#1 2017-03-10 20:40:20

layer23
Member
Registered: 2017-03-10
Posts: 1

xtrlock segfaults after user input when account is locked

hi,

don't know whether this is worth reporting as a bug at https://bugs.archlinux.org.
maybe this could be an upstream issue:

when a user starts xtrlock, the screen gets locked as expected.
if the user's account has been locked by root meanwhile / before
( passwd -l $user --> "!" prefix in /etc/shadow ),
xtrlock segfaults on any non-zero length input followed by <return>.
so anyone can bypass authentication for locked users.

dmesg shows:
xtrlock[1034]: segfault at 0 ip b750f3b7 sp bf97b6cc error 4 in libc-2.24.so[b73d0000+1b2000]

$arch is x86, xtrlock is V2.8 , glibc is V2.24

could anybody try/confirm this?

thanks a lot


#2 2017-03-10 21:47:25

seth
Member
Registered: 2012-09-03
Posts: 49,979

Re: xtrlock segfaults after user input when account is locked

--- xtrlock.c.bak       2017-03-10 22:31:10.895989318 +0100
+++ xtrlock.c   2017-03-10 22:45:25.974643164 +0100
@@ -67,7 +67,8 @@ int passwordok(const char *s) {
 #else
   /* simpler, and should work with crypt() algorithms using longer
      salt strings (like the md5-based one on freebsd).  --marekm */
-  return !strcmp(crypt(s, pw->pw_passwd), pw->pw_passwd);
+  char *encr = crypt(s, pw->pw_passwd);
+  return encr && !strcmp(encr, pw->pw_passwd);
 #endif
 }
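
Review bot: the NULL guard on the crypt() result in passwordok() is added only in the #else branch; the code before the #else is not part of this hunk, so if it passes crypt() straight into a comparison it needs the same check, otherwise a build taking that path still dereferences NULL. It would also help to extend the existing comment to say why encr can be NULL here (crypt() fails when pw->pw_passwd is not a valid setting string, for example a locked entry with a "!" prefix), so the guard is not removed later as redundant. With the guard in place a failed crypt() makes passwordok() return 0, which keeps the screen locked instead of crashing the locker.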
