Mailinglist Archive: opensuse-bugs (3354 mails)

[Bug 981522] New: sessreg Module experiences buffer overflow at high UID
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 25 May 2016 06:47:16 +0000
  • Message-id: <bug-981522-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=981522


Bug ID: 981522
Summary: sessreg Module experiences buffer overflow at high UID
Classification: openSUSE
Product: openSUSE Distribution
Version: 13.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: X.Org
Assignee: xorg-maintainer-bugs@xxxxxxxxxxxxxxxxxxxxxx
Reporter: reinhard.hennig@xxxxxxxxxxxxxxxxxxxxxx
QA Contact: xorg-maintainer-bugs@xxxxxxxxxxxxxxxxxxxxxx
Found By: ---
Blocker: ---

xdm and kdm crash when UIDs beyond 10.000.000 are used. Some UIDs provide stable
logins but some don't. For example 20.000.000 works fine, 25.000.000 fails. You
can provoke the error by making a simple account like this in your /etc/passwd
file:
otto:x:25000107:25000000:Testuser lokal:/opt/home/otto:/bin/bash

kdm and xdm crash, while terminal based login and graphical logins using gdm
work fine.

This account in your /etc/passwd works fine:
willi:x:20000107:20000000:Testuser lokal:/opt/home/willi:/bin/bash

The reason for that behaviour is a buffer overflow in this module: sessreg,
used by xdm and kdm.

It doesn't depend on the source (/etc/passwd or ldap).

You may check by doing

sessreg -a willi # works, returns no error

sessreg -a otto # returns error:
seeking lastlog entry: Invalid argument

Other Scenarios: Yes: Login using gdm displaymanager is not affected
Fix: choose different UIDs or gdm

Fast help would be appreciated.
