[Bug 1574911] Re: vsftpd 500 oops stack smashing detected - Ubuntu 16.04
Andreas Hasenack
andreas at canonical.com
Mon May 15 14:16:19 UTC 2017
pure-ftpd sorted this out by reimplementing make_scrambled_password() if
it's not exported:
https://github.com/jedisct1/pure-
ftpd/commit/2db6b50c7b7c638104bd9639994f0574e8f4813c
I don't know when make_scrambled_password() stopped being exported in libmysqlclient, but libmysqlclient's my_make_scrambled_password() is NOT a replacement for it. The right replacement for it is my_make_scrambled_password_sha1(), and currently make_scrambled_password() is a wrapper around my_make_scrambled_password_sha1(), but neither are exported in libmysqlclient:
/*
Wrapper around my_make_scrambled_password() to maintain client lib ABI
compatibility.
In server code usage of my_make_scrambled_password() is preferred to
avoid strlen().
SYNOPSIS
make_scrambled_password()
buf OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
password IN NULL-terminated password string
*/
void make_scrambled_password(char *to, const char *password)
{
my_make_scrambled_password_sha1(to, password, strlen(password));
}
So pam_mysql should probably reimplement my_make_scrambled_password_sha1() in order to support passwords hashed with the server PASSWORD() function (the crypt=2 option in pam_mysql).
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1574911
Title:
vsftpd 500 oops stack smashing detected - Ubuntu 16.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam-mysql/+bug/1574911/+subscriptions
More information about the Ubuntu-server-bugs
mailing list