Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 10.1.6
-
Fix Version/s: 10.1.8
-
Component/s: Plugin - pam
-
Labels:
-
Environment:All Platforms (source code)
-
Sprint:10.1.8-2
Description
Hello All,
In reviewing code in MariaDB 10.0.2x, I found an instance where
a memory request via strndup() is made, but no check for a return
value of NULL, indicating failure is made. The directory in this
case is 'mariadb-10.0.20/plugin/auth_pam/' and the filename is
'auth_pam.c'. The patch file below should address this issue:
--- auth_pam.c.orig 2015-08-23 16:16:25.075000000 -0700
+++ auth_pam.c 2015-08-23 16:18:17.594000000 -0700
@@ -99,6 +99,9 @@
return PAM_CONV_ERR;
/* allocate and copy the reply to the response array */
(*resp)[i].resp = strndup((char*)pkt, pkt_len);
+ if ( (*resp)[i].resp == NULL) {
+ return PAM_CONV_ERR;
+ }
param->ptr = param->buf + 1;
}
}
Questions, Comments, Suggestions?
I am attaching the patch file(s) to this bug report.
Bill Parker (wp02855 at gmail dot com)
Gliffy Diagrams
Attachments
Issue Links
- links to
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
Thanks for your contribution. Patch applied to 10.1 branch. Github revision link attached.