[Bug 195128] New: Memory leaks in lib/libpam/modules due to memory handling with login_getcapstr
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Nov 18 03:36:10 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195128
Bug ID: 195128
Summary: Memory leaks in lib/libpam/modules due to memory
handling with login_getcapstr
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: ngie at FreeBSD.org
The login_getcapstr function (and other functions in lib/libutil/login_cap.c)
call cgetstr under the covers, which according the the manpage mallocs memory
on the fly. However, the memory isn't free'd if certain functions are called
multiple times, like pam_sm_acct_mgmt. One of the patches Isilon has had for
some time doe the following to plug a leak in pam_nologin:
$ git diff lib/libpam/modules/pam_nologin/pam_nolo
diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.c
b/lib/libpam/modules/pam_nologin/pam_nologin.c
index 1be63d2..b4a1421 100644
--- a/lib/libpam/modules/pam_nologin/pam_nologin.c
+++ b/lib/libpam/modules/pam_nologin/pam_nologin.c
@@ -38,6 +38,7 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h>
+#include <sys/cdefs.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <login_cap.h>
@@ -97,6 +98,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
nologin = login_getcapstr(lc, "nologin", nologin_def, nologin_def);
fd = open(nologin, O_RDONLY, 0);
+ if (nologin != nologin_def)
+ free(__DECONST(char *, nologin));
if (fd < 0) {
login_close(lc);
return (PAM_SUCCESS);
But this is not the right place to fix the issue probably. Memory needs to be
handled better in lib/libutil/login_cap.c .
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list