[Bug 2045250] Re: pam_lastlog doesn't handle localtime_r related errors properly
Frank Heimes
2045250 at bugs.launchpad.net
Tue May 14 16:42:15 UTC 2024
Hello Boris,
unfortunately no, not really any further actions - as of now.
The problem is that bringing it into M, J and F would require a test plan, and with that a stable reproducer that we do not have (and couldn't find, even when looking at this bug in other distros).
So it was first of all decided to pick it up for noble (since at the time this problem was looked at, noble was still in development).
--
https://bugs.launchpad.net/bugs/2045250
Title:
pam_lastlog doesn't handle localtime_r related errors properly
Status in Ubuntu on IBM z Systems:
Fix Released
Status in pam package in Ubuntu:
Fix Released
Status in pam package in Fedora:
Fix Released
Bug description:
The pam version(s) in Debian (checked buster) and Ubuntu (checked focal to noble) are affected by
https://bugzilla.redhat.com/show_bug.cgi?id=2012871
Customers report a command going through PAM crashing for a given user.
A potential follow-on issue can be that no ssh remote connections to an affected server are possible anymore, esp. painful with headless systems (was reported on a different distro).
This is caused by an issue in modules/pam_lastlog/pam_lastlog.c:
with tm = localtime_r(...) that can be NULL and needs to be handled.
There are two such cases in modules/pam_lastlog/pam_lastlog.c (here noble):
314- ll_time = last_login.ll_time;
315: if ((tm = localtime_r (&ll_time, &tm_buf)) != NULL) {
316- strftime (the_time, sizeof (the_time),
317- /* TRANSLATORS: "strftime options for date of last login" */
--
574-
575- lf_time = utuser.ut_tv.tv_sec;
576: tm = localtime_r (&lf_time, &tm_buf);
577- strftime (the_time, sizeof (the_time),
578- /* TRANSLATORS: "strftime options for date of last login" */
Case 1 (line 315) is properly handled, but not case 2 (line 576).
The second case got fixed by:
https://github.com/linux-pam/linux-pam/commit/40c271164dbcebfc5304d0537a42fb42e6b6803c
This fix should be included in Ubuntu (and Debian).