Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 18 Nov 2014 03:36:10 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 195128] New: Memory leaks in lib/libpam/modules due to memory handling with login_getcapstr
Message-ID:  <bug-195128-8@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195128

            Bug ID: 195128
           Summary: Memory leaks in lib/libpam/modules due to memory
                    handling with login_getcapstr
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ngie@FreeBSD.org

The login_getcapstr function (and other functions in lib/libutil/login_cap.c)
call cgetstr under the covers, which according the the manpage mallocs memory
on the fly. However, the memory isn't free'd if certain functions are called
multiple times, like pam_sm_acct_mgmt. One of the patches Isilon has had for
some time doe the following to plug a leak in pam_nologin:

$ git diff lib/libpam/modules/pam_nologin/pam_nolo
diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.c
b/lib/libpam/modules/pam_nologin/pam_nologin.c
index 1be63d2..b4a1421 100644
--- a/lib/libpam/modules/pam_nologin/pam_nologin.c
+++ b/lib/libpam/modules/pam_nologin/pam_nologin.c
@@ -38,6 +38,7 @@
 __FBSDID("$FreeBSD$");

 #include <sys/types.h>
+#include <sys/cdefs.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <login_cap.h>
@@ -97,6 +98,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
        nologin = login_getcapstr(lc, "nologin", nologin_def, nologin_def);

        fd = open(nologin, O_RDONLY, 0);
+       if (nologin != nologin_def)
+               free(__DECONST(char *, nologin));
        if (fd < 0) {
                login_close(lc);
                return (PAM_SUCCESS);

But this is not the right place to fix the issue probably. Memory needs to be
handled better in lib/libutil/login_cap.c .

-- 
You are receiving this mail because:
You are the assignee for the bug.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-195128-8>