Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.bin/login Avoid use-after-free bug in PAM environment



details:   https://anonhg.NetBSD.org/src/rev/a631ec74b1b2
branches:  trunk
changeset: 969130:a631ec74b1b2
user:      kamil <kamil%NetBSD.org@localhost>
date:      Sat Feb 08 13:44:35 2020 +0000

description:
Avoid use-after-free bug in PAM environment

Traditional BSD putenv(3) was creating an internal copy of the passed
argument. Unfortunately this was causing memory leaks and was changed by
POSIX to not allocate.

Adapt the putenv(3) usage to modern POSIX (and NetBSD) semantics.

diffstat:

 usr.bin/login/login_pam.c |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (29 lines):

diff -r 175d12d5041b -r a631ec74b1b2 usr.bin/login/login_pam.c
--- a/usr.bin/login/login_pam.c Sat Feb 08 13:33:56 2020 +0000
+++ b/usr.bin/login/login_pam.c Sat Feb 08 13:44:35 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: login_pam.c,v 1.25 2015/10/29 11:31:52 shm Exp $       */
+/*     $NetBSD: login_pam.c,v 1.26 2020/02/08 13:44:35 kamil Exp $       */
 
 /*-
  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -39,7 +39,7 @@
 #if 0
 static char sccsid[] = "@(#)login.c    8.4 (Berkeley) 4/2/94";
 #endif
-__RCSID("$NetBSD: login_pam.c,v 1.25 2015/10/29 11:31:52 shm Exp $");
+__RCSID("$NetBSD: login_pam.c,v 1.26 2020/02/08 13:44:35 kamil Exp $");
 #endif /* not lint */
 
 /*
@@ -602,8 +602,8 @@
                char **envitem;
 
                for (envitem = pamenv; *envitem; envitem++) {
-                       putenv(*envitem);
-                       free(*envitem);
+                       if (putenv(*envitem) == -1)
+                               free(*envitem);
                }
 
                free(pamenv);



Home | Main Index | Thread Index | Old Index