Project Name | CID | Checker | Category | Developer Description |
---|---|---|---|---|
jeroennijhof/pam_tacplus | 115812 | RESOURCE_LEAK | Resource leaks | This is indeed a memory leak. |
205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 |
/* Main PAM functions */ /* authenticates user on remote TACACS+ server * returns PAM_SUCCESS if the supplied username and password * pair is valid */ PAM_EXTERN int pam_sm_authenticate (pam_handle_t * pamh, int flags, int argc, const char **argv) { int ctrl, retval; char *user; char *pass; char *tty; char *r_addr; int srv_i; int tac_fd, status, msg, communicating; user = pass = tty = r_addr = NULL; ctrl = _pam_parse(argc, argv); |
< 1. Condition "ctrl & 1", taking false branch
229 230 231 |
if (ctrl & PAM_TAC_DEBUG) syslog(LOG_DEBUG, "%s: called (pam_tacplus v%u.%u.%u)", __FUNCTION__, PAM_TAC_VMAJ, PAM_TAC_VMIN, PAM_TAC_VPAT); |
< 2. Condition "(user = _pam_get_user(pamh)) == NULL", taking false branch
233 234 |
if ((user = _pam_get_user(pamh)) == NULL) return PAM_USER_UNKNOWN; |
< 3. Condition "ctrl & 1", taking false branch
236 237 238 239 |
if (ctrl & PAM_TAC_DEBUG) syslog(LOG_DEBUG, "%s: user [%s] obtained", __FUNCTION__, user); /* uwzgledniac PAM_DISALLOW_NULL_AUTHTOK */ |
<< 4. "tacacs_get_password" allocates memory that is stored into "pass".
241 |
retval = tacacs_get_password (pamh, flags, ctrl, &pass); |
< 5. Condition "retval != 0", taking false branch
< 6. Condition "pass == NULL", taking false branch
< 7. Condition "*pass == 0", taking true branch
242 243 |
if (retval != PAM_SUCCESS || pass == NULL || *pass == '\0') { _pam_log(LOG_ERR, "unable to obtain password"); |
<<< CID 115812: Resource leaks RESOURCE_LEAK <<< 8. Variable "pass" going out of scope leaks the storage it points to.
244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 |
return PAM_CRED_INSUFFICIENT; } retval = pam_set_item (pamh, PAM_AUTHTOK, pass); if (retval != PAM_SUCCESS) { _pam_log(LOG_ERR, "unable to set password"); return PAM_CRED_INSUFFICIENT; } if (ctrl & PAM_TAC_DEBUG) syslog(LOG_DEBUG, "%s: password obtained", __FUNCTION__); tty = _pam_get_terminal(pamh); if (!strncmp(tty, "/dev/", 5)) tty += 5; if (ctrl & PAM_TAC_DEBUG) syslog(LOG_DEBUG, "%s: tty [%s] obtained", __FUNCTION__, tty); r_addr = _pam_get_rhost(pamh); if (ctrl & PAM_TAC_DEBUG) syslog(LOG_DEBUG, "%s: rhost [%s] obtained", __FUNCTION__, r_addr); status = PAM_AUTHINFO_UNAVAIL; for (srv_i = 0; srv_i < tac_srv_no; srv_i++) { if (ctrl & PAM_TAC_DEBUG) syslog(LOG_DEBUG, "%s: trying srv %d", __FUNCTION__, srv_i ); |
4. alloc_arg | pam_tacplus.c:241 | |
8. leaked_storage | pam_tacplus.c:244 |