Ubuntu
tacacs+ package

segfault on disabled accounts

Bug #1435632 reported by David Leonard on 2015-03-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tacacs+ (Ubuntu)	New	Undecided	Unassigned

Bug Description

When authenticating some users, tac_plus will check system passwords, and crash if the account is disabled.

To reproduce: set the system password (/etc/shadow) of a tac+ authenticated user to "!"; then try authenticating from a remote client (in my case with pam_tacplus); the tac_plus server will fault inside strcmp; first parameter passwd to strcmp is (NULL, ...) because crypt(,"!") returned NULL.

Patch attached.

See original description

Tags:

Revision history for this message

David Leonard (d+) wrote on 2015-03-24:

simple fix for disabled accounts Edit (411 bytes, text/plain)

description:

updated

Revision history for this message

Ubuntu Foundations Team Bug Bot (crichton) wrote on 2015-03-24:

The attachment "simple fix for disabled accounts" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags:

added: patch

Revision history for this message

David Leonard (d+) wrote on 2015-06-22:

patch submitted upstream

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

simple fix for disabled accounts Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntutacacs+ package

segfault on disabled accounts

Bug Description

Other bug subscribers

Patches

Remote bug watches

Ubuntu
tacacs+ package