Re: [Openvpn-devel] [PATCH] Fix memory leak in auth-pam plugin

[Lev Stipakov]

ACK from me. My Clang static analyzer concurs.

On 21.10.2015 01:38, Steffan Karger wrote:

As it says on the tin.  aresp would not be free'd nor returned by
my_conv() on errors.  Note that we never reach this code if allocation
of aresp failed.

Found with the Clang static analyzer.

Signed-off-by: Steffan Karger 
---
  src/plugins/auth-pam/auth-pam.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
index bd71792..95692ab 100644
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -642,6 +642,9 @@ my_conv (int n, const struct pam_message **msg_array,

if (ret == PAM_SUCCESS)
  *response_array = aresp;
+  else
+free(aresp);
+
return ret;
  }

[Openvpn-devel] [PATCH] Fix memory leak in auth-pam plugin

[Steffan Karger]

As it says on the tin.  aresp would not be free'd nor returned by
my_conv() on errors.  Note that we never reach this code if allocation
of aresp failed.

Found with the Clang static analyzer.

Signed-off-by: Steffan Karger 
---
 src/plugins/auth-pam/auth-pam.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
index bd71792..95692ab 100644
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -642,6 +642,9 @@ my_conv (int n, const struct pam_message **msg_array,

   if (ret == PAM_SUCCESS)
 *response_array = aresp;
+  else
+free(aresp);
+
   return ret;
 }

-- 
2.1.4