debcrafters-packages team mailing list archive

[Bug 1899103] Re: libpam-cap causes PAM applications to crash

 

Just ran into this bug using ocserv with libpam-cap version
1:2.66-5ubuntu2.2 on a quite fresh install of Ubuntu 24.04.3 LTS.
Uninstalling the package fixes the problem. I have no clue what this
package does or if I really need it on my home SSLVPN server, but "These
capabilities are a partitioning of the all powerful root privilege into
a set of distinct privileges." as described in the package description
indicates that this is something that is useful to have in terms of
security. Let me know if any testing related to this is needed.

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1899103

Title:
  libpam-cap causes PAM applications to crash

Status in libcap2 package in Ubuntu:
  Triaged

Bug description:
  Install ocserv and set up for PAM authentication. On second connection,
  ocserv crashes due to a double free in PAM.

  Repro steps:
  1. Create Dockerfile that installs ocserv + libpam-cap
  ```
  FROM ubuntu:20.04

  RUN apt update && apt install -y ocserv libpam-cap && apt autoremove && apt clean

  COPY server-cert.pem /etc/ssl/ocserv_test.cert
  COPY server-key.pem /etc/ssl/ocserv_test.key
  COPY ca-cert.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
  COPY ocserv.conf /etc/ocserv/ocserv.conf

  RUN useradd test
  RUN echo "test\ntest" | passwd test

  ENV MALLOC_CHECK_=3
  CMD ocserv -f -d 1
  ```

  2. Build container:
  ```
  sudo docker build -t ocserv:20.04 .
  ```

  3. Launch container:
  ```
  docker run -p 443:443/tcp -p 443:443/udp -it --rm --device /dev/net/tun --cap-add net_admin ocserv:20.04
  ```

  4. From another console, connect / disconnect:
  ```
  while true; do echo test | openconnect https://localhost -u test --passwd-on-stdin --servercert pin-sha256:qBLVTyoXiFdn+0pW+eSGqnVCEnMbLigVf5vAl1ZewW4= --background && sleep 2 && pkill openconnect && sleep 2;done
  ```

  5. ocserv crashes:
  ```
  free(): invalid pointer
  ocserv[8]: main: main-sec-mod-cmd.c:106: command socket for sec-mod closed
  ocserv[8]: main: main.c:1179: error in command from sec-mod
  ocserv[8]: main: termination request received; waiting for children to die
  ```

  For more details see:
  https://gitlab.com/openconnect/ocserv/-/issues/361
