authorSumit Bose <sbose@redhat.com>2017-01-25 17:34:54 +0100
committerJakub Hrozek <jhrozek@redhat.com>2017-02-23 10:14:52 +0100
commit327a16652bbafbb77b5b90cc7abac3ded7c14364 (patch)
tree54476f35dd3a4d12e0329c54ab2469cae7e53bb7
parentf561c2bd3c72631ccb7ad6d0b5f6541b27b0922d (diff)
PAM: fix memory leak in pam_sss
Since there can be multiple round trips between the PAM client and SSSD it might be possible that the same data is sent multiple times by SSSD. So before overwriting the old data it should be freed. I've seen this with the domain name which is sent both in the pre-auth and the auth responses. To be on the safe side I added free() for some other items as well. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/sss_client/pam_sss.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 03613b8cd..8f97af77e 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -869,6 +869,7 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
break;
}
D(("domain name: [%s]", &buf[p]));
+ free(pi->domain_name);
pi->domain_name = strdup((char *) &buf[p]);
if (pi->domain_name == NULL) {
D(("strdup failed"));
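Review bot: The added `free(pi->domain_name)` is only sound if the field is always either NULL or a pointer this function obtained from strdup(). That initialisation lies outside the hunk, so it is worth confirming that the items structure is cleared before the first eval_response() call and that no other path stores a borrowed pointer in it. The same precondition applies to the frees added for `otp_vendor`, `otp_token_id`, `otp_challenge`, `cert_user` and `token_name` in the later hunks. The reason for the free is not obvious from the code alone, so a short comment would help, e.g. `/* SSSD may send this item in more than one response (pre-auth and auth); release the previous copy */`. eval_response's body starts and ends outside the hunk.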
@@ -937,6 +938,7 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
break;
}
+ free(pi->otp_vendor);
pi->otp_vendor = strdup((char *) &buf[p]);
if (pi->otp_vendor == NULL) {
D(("strdup failed"));
@@ -950,6 +952,7 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
pi->otp_vendor = NULL;
break;
}
+ free(pi->otp_token_id);
pi->otp_token_id = strdup((char *) &buf[p + offset]);
if (pi->otp_token_id == NULL) {
D(("strdup failed"));
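Review bot: The early-exit path at the top of this hunk resets only `pi->otp_vendor` to NULL before `break`, so `otp_token_id` and `otp_challenge` keep whatever an earlier response stored. Now that repeated responses are an expected case, the three OTP fields can end up describing different responses. The same holds when the `strdup` of `otp_token_id` fails after `otp_vendor` has already been replaced. Consider releasing and clearing all three fields together before parsing, or parsing into temporaries and assigning only once every copy has succeeded. Whether a consumer could act on such a mixed state is not visible here, since the surrounding case block lies outside the hunk.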
@@ -963,6 +966,7 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
pi->otp_token_id = NULL;
break;
}
+ free(pi->otp_challenge);
pi->otp_challenge = strdup((char *) &buf[p + offset]);
if (pi->otp_challenge == NULL) {
D(("strdup failed"));
@@ -976,6 +980,7 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
break;
}
+ free(pi->cert_user);
pi->cert_user = strdup((char *) &buf[p]);
if (pi->cert_user == NULL) {
D(("strdup failed"));
@@ -1010,6 +1015,7 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
pi->cert_user = NULL;
break;
}
+ free(pi->token_name);
pi->token_name = strdup((char *) &buf[p + offset]);
if (pi->token_name == NULL) {
D(("strdup failed"));