Module Name: src
Committed By: kamil
Date: Sat Feb 8 13:44:35 UTC 2020
Modified Files:
src/usr.bin/login: login_pam.c
Log Message:
Avoid use-after-free bug in PAM environment
Traditional BSD putenv(3) was creating an internal copy of the passed
argument. Unfortunately this was causing memory leaks and was changed by
POSIX to not allocate.
Adapt the putenv(3) usage to modern POSIX (and NetBSD) semantics.
To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/usr.bin/login/login_pam.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/login/login_pam.c
diff -u src/usr.bin/login/login_pam.c:1.25 src/usr.bin/login/login_pam.c:1.26
--- src/usr.bin/login/login_pam.c:1.25 Thu Oct 29 11:31:52 2015
+++ src/usr.bin/login/login_pam.c Sat Feb 8 13:44:35 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: login_pam.c,v 1.25 2015/10/29 11:31:52 shm Exp $ */
+/* $NetBSD: login_pam.c,v 1.26 2020/02/08 13:44:35 kamil Exp $ */
/*-
* Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 19
#if 0
static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
#endif
-__RCSID("$NetBSD: login_pam.c,v 1.25 2015/10/29 11:31:52 shm Exp $");
+__RCSID("$NetBSD: login_pam.c,v 1.26 2020/02/08 13:44:35 kamil Exp $");
#endif /* not lint */
/*
@@ -602,8 +602,8 @@ skip_auth:
char **envitem;
for (envitem = pamenv; *envitem; envitem++) {
- putenv(*envitem);
- free(*envitem);
+ if (putenv(*envitem) == -1)
+ free(*envitem);
}
free(pamenv);
