Bug#826910: libpam-modules: pam_open_session() causes libasan to report a memory leak

Thu, 09 Jun 2016 19:15:52 -0700 

Package: libpam-modules
Version: 1.1.8-3.3
Severity: minor

Dear Maintainer,

pam_open_session() causes libasan to report a memory leak due to dl_open:

==32701==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x7f44685c8f4a in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x93f4a)
    #1 0x7f446964e101  (<unknown module>)

A dump of proc/xxx/maps shows 0x7f446964e101 to be in ld-2.22.so, dl_open

pamtest.c to demonstrate the bug:

// compile with: gcc pamtest.c -lasan -lpam -lpam_misc -o pamtest
// "pamtest" will fail, "pamtest 0" succeeds

#include <stdlib.h>
#include <security/pam_misc.h>

static void dump_map(int pid)
{
    char cmd[80];
    snprintf(cmd, 80, "cat /proc/%d/maps", pid);
    system(cmd);
}

int main(int argc, char *argv[])
{
    int testleak=1;
    static struct pam_conv conv = { misc_conv, NULL };
    char user[80];
    pam_handle_t *pamh;
    int ret;

    if (argc>1)
        testleak = atoi(argv[1]);

    getlogin_r(user, 80);

    ret=pam_start("pamtest", user, &conv, &pamh);

    if (testleak) pam_open_session(pamh, 0);

    dump_map(getpid());

    if (testleak) ret=pam_close_session(pamh, PAM_SILENT);

    pam_end(pamh, ret);

    return 0;
}


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libpam-modules depends on:
ii  debconf [debconf-2.0]  1.5.57
ii  libaudit1              1:2.4.2-1
ii  libc6                  2.22-9
ii  libdb5.3               5.3.28-11
ii  libpam-modules-bin     1.1.8-3.3
ii  libpam0g               1.1.8-3.3
ii  libselinux1            2.3-2+b1

libpam-modules recommends no packages.

libpam-modules suggests no packages.

-- debconf information:
  libpam-modules/disable-screensaver:


MRV Communications is a global supplier of packet and optical solutions that 
power the world’s largest networks. Our products combine innovative hardware 
with intelligent software to make networks smarter, faster and more efficient.

Reply via email to