https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195128
Bug ID: 195128
Summary: Memory leaks in lib/libpam/modules due to memory
handling with login_getcapstr
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
The login_getcapstr function (and other functions in lib/libutil/login_cap.c)
call cgetstr under the covers, which according the the manpage mallocs memory
on the fly. However, the memory isn't free'd if certain functions are called
multiple times, like pam_sm_acct_mgmt. One of the patches Isilon has had for
some time doe the following to plug a leak in pam_nologin:
$ git diff lib/libpam/modules/pam_nologin/pam_nolo
diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.c
b/lib/libpam/modules/pam_nologin/pam_nologin.c
index 1be63d2..b4a1421 100644
--- a/lib/libpam/modules/pam_nologin/pam_nologin.c
+++ b/lib/libpam/modules/pam_nologin/pam_nologin.c
@@ -38,6 +38,7 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h>
+#include <sys/cdefs.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <login_cap.h>
@@ -97,6 +98,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
nologin = login_getcapstr(lc, "nologin", nologin_def, nologin_def);
fd = open(nologin, O_RDONLY, 0);
+ if (nologin != nologin_def)
+ free(__DECONST(char *, nologin));
if (fd < 0) {
login_close(lc);
return (PAM_SUCCESS);
But this is not the right place to fix the issue probably. Memory needs to be
handled better in lib/libutil/login_cap.c .
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
