Yubico / yubico-pam

51%

master: 47%

LAST BUILD ON BRANCH fix_stack_overwrite

branch: fix_stack_overwrite

CHANGE BRANCH

x

Reset

• fix_stack_overwrite
• 2.18
• 2.19
• 2.20
• 2.21
• 2.22
• 2.23
• 2.24
• 2.25
• 2.26
• chalresp_ownership
• ci_github_actions
• debug_refactor
• feature/forking
• feature/ldap_refactor
• filefish
• issue_184
• issue_185
• master
• minor_memory_leaks
• mock_http11
• nullok_nofile_fix
• scan
• travis/check-doc
• travis_osx
• update-fqdn
• user_unknown-fixes
• wip-codeql-eval
• ykpamcfg_user

Build # 355

Build Type

Pull #188

travis-ci

Committed by web-flow

Commit Message

Fix pam_get_data stack overwrite by saving a heap pointer instead

The previous code was using a trick of saving the actual retval value
as the "pointer". The problem with that was when pam_get_data copied
it out it treated it as a void* which is 8 byte on 64 bit operating
system which meant it copied 8 byte to a 4 byte location and overwrote
the stack with 4 bytes.

The fix is using a heap pointer instead, influenced by the official
code in https://github.com/linux-pam/linux-pam/blob/master/modules/pam_unix/pam_unix_auth.c

With feedback from pedro martelletto, thanks.

Pull Request Pull Request #188: Fix pam_get_data stack overwrite by saving a heap pointer instead

Run Details

13 of 13 new or added lines in 1 file covered. (100.0%)

405 of 788 relevant lines covered (51.4%)

15.38 hits per line