
Possible memory leak in the pam_unix and other modules



Hi,

I was browsing through the sources of the pam_unix module and I suspect
that there is a memory leak in one place. The problem is in the following
code fragment taken from the function _set_auth_tok in support.c:

  if ( (retval = converse( pamh, 1 , pmsg, &resp)) != PAM_SUCCESS )
    return retval;

  if ( resp) {
    if ( ( flags & PAM_DISALLOW_NULL_AUTHTOK) &&  resp[0].resp == NULL ) {
      free( resp );
      return PAM_AUTH_ERR;
    }
    p = resp[ 0 ].resp;
    /* This could be a memory leak. If resp[0].resp is malloc()ed,
       then it has to be free()ed! -- alex */
    resp[ 0 ].resp = NULL;
  } else
    return PAM_CONV_ERR;

  free( resp );

The resp[0].resp variable is usually malloc'ed (or strdup'ed) in the
conversation function and should be freed here. 
The usual way of freeing the response structure is through a call to the
_pam_drop_reply macro which indeed frees the individual replies before
freeing the structure itself.

I have not actually tested this problem myself but now that there is
someone who is actively working with this module I thought he would be
more interested in this issue. 
I also think that there are other pam modules with a similar problem.

Nikolay

-- 
__________________________________________________________________________
Dept. of Computer Science                             Tel: +32-16-32 75 55
Katholieke Universiteit Leuven                        Fax: +32-16-32 79 96
Belgium                               http://www.cs.kuleuven.ac.be/~pelov/
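
The ownership problem described in the message, as an added example (not code from pam_unix or from the original post). The stand-in `struct response`, the hypothetical `converse`, the counting allocator and `leftover` are assumptions made so it builds without the PAM headers; `drop_reply` is modelled on what the message says `_pam_drop_reply` does, with a wipe of the reply before release.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Stand-in for struct pam_response so this builds without the PAM headers. */
struct response { char *resp; int resp_retcode; };
static int live_allocs;                 /* heap blocks not yet freed */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Hypothetical conversation function: allocates the array and the reply text. */
static int converse(struct response **out, const char *typed) {
    struct response *r = xalloc(sizeof *r);
    if (!r) return -1;
    r->resp = xalloc(strlen(typed) + 1);
    if (!r->resp) { xfree(r); return -1; }
    strcpy(r->resp, typed);
    *out = r;
    return 0;
}

/* Modelled on _pam_drop_reply: wipe and free each reply, then the array. */
static void drop_reply(struct response *r, int n) {
    for (int i = 0; i < n; i++) {
        if (!r[i].resp) continue;
        for (volatile char *s = r[i].resp; *s; s++) *s = '\0';
        xfree(r[i].resp);
    }
    xfree(r);
}

/* Runs one exchange and returns how many heap blocks it left allocated. */
static int leftover(const char *typed, int use_drop, char **detached) {
    int before = live_allocs;
    struct response *resp = NULL;
    if (converse(&resp, typed) != 0) return -1;
    if (use_drop) { drop_reply(resp, 1); return live_allocs - before; }
    *detached = resp[0].resp;   /* fragment's pattern: the reply is detached */
    resp[0].resp = NULL;
    xfree(resp);                /* only the array is freed; the reply lives on */
    return live_allocs - before;
}

int main(void) {
    char *p = NULL;             /* "constructed-secret" is a constructed input */
    printf("detach: %d block(s) left\n", leftover("constructed-secret", 0, &p));
    xfree(p);                   /* the release the detach pattern still owes */
    printf("drop:   %d block(s) left\n", leftover("constructed-secret", 1, &p));
    return 0;
}
```

Whoever takes the detached pointer owns it: once the token has been copied or consumed, it still has to be wiped and freed.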


