Ubuntu
policykit-1 package

polkit-agent-helper-1 segfaults if send_dbus_message fails

Bug #439655 reported by Andreas Sandberg
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
PolicyKit
Fix Released
Medium
policykit-1 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: policykit-1

polkit-agent-helper-1 does not set the pam handle to NULL after calling pam_end. This causes the error handler to call pam_end on the stale handle if send_dbus_message fails.

ProblemType: Bug
Architecture: amd64
Date: Wed Sep 30 23:19:54 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: fglrx
Package: policykit-1 0.94-1
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-11.36-generic
SourcePackage: policykit-1
Uname: Linux 2.6.31-11-generic x86_64

See original description
Revision history for this message
Andreas Sandberg (andysan) wrote :

Binary package hint: policykit-1

polkit-agent-helper-1 does not set the pam handle to NULL after calling pam_end. This causes the error handler to call pam_end on the stale handle if send_dbus_message fails.

ProblemType: Bug
Architecture: amd64
Date: Wed Sep 30 23:19:54 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: fglrx
Package: policykit-1 0.94-1
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-11.36-generic
SourcePackage: policykit-1
Uname: Linux 2.6.31-11-generic x86_64

Revision history for this message
Andreas Sandberg (andysan) wrote :
Bug Watch Updater (bug-watch-updater)
Changed in policykit:
status: Unknown → Confirmed
Revision history for this message
In , Zeuthen (zeuthen) wrote :

(In reply to comment #0)
> Created an attachment (id=29960) [details]
> Patch that sets pam_h to null after calling pam_end
>
> polkit-agent-helper calls pam_end on pam_h without setting pam_h to NULL. This
> causes the error handler to call pam_end on the stale handler if the
> send_dbus_message procedure fails, which in turn generates a SIGSEGV.
>

Committed as f5e0b55. Thanks.

Bug Watch Updater (bug-watch-updater)
Changed in policykit:
status: Confirmed → Fix Released
Revision history for this message
Jonathan Thomas (echidnaman) wrote :

The patch should be included in the most current release now. Thanks. :)

Changed in policykit-1 (Ubuntu):
status: New → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in policykit:
importance: Unknown → Medium
Bug Watch Updater (bug-watch-updater)
Changed in policykit:
importance: Medium → Unknown
Bug Watch Updater (bug-watch-updater)
Changed in policykit:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.