
Sample of Defect

Project Name: jeroennijhof/pam_tacplus
CID: 115812
Checker: RESOURCE_LEAK
Category: Resource leaks
Developer Description: This is indeed a memory leak.
File: /pam_tacplus.c

/* Main PAM functions */

/* authenticates user on remote TACACS+ server
 * returns PAM_SUCCESS if the supplied username and password
 * pair is valid
 */
PAM_EXTERN
int pam_sm_authenticate (pam_handle_t * pamh, int flags,
    int argc, const char **argv) {

    int ctrl, retval;
    char *user;
    char *pass;
    char *tty;
    char *r_addr;
    int srv_i;
    int tac_fd, status, msg, communicating;

    user = pass = tty = r_addr = NULL;

    ctrl = _pam_parse(argc, argv);
 < 1. Condition "ctrl & 1", taking false branch
    if (ctrl & PAM_TAC_DEBUG)
        syslog(LOG_DEBUG, "%s: called (pam_tacplus v%u.%u.%u)",
            __FUNCTION__, PAM_TAC_VMAJ, PAM_TAC_VMIN, PAM_TAC_VPAT);
 < 2. Condition "(user = _pam_get_user(pamh)) == NULL", taking false branch
    if ((user = _pam_get_user(pamh)) == NULL)
        return PAM_USER_UNKNOWN;
 < 3. Condition "ctrl & 1", taking false branch
    if (ctrl & PAM_TAC_DEBUG)
        syslog(LOG_DEBUG, "%s: user [%s] obtained", __FUNCTION__, user);

    /* uwzgledniac PAM_DISALLOW_NULL_AUTHTOK */
 << 4. "tacacs_get_password" allocates memory that is stored into "pass".
    retval = tacacs_get_password (pamh, flags, ctrl, &pass);
 < 5. Condition "retval != 0", taking false branch
 < 6. Condition "pass == NULL", taking false branch
 < 7. Condition "*pass == 0", taking true branch
    if (retval != PAM_SUCCESS || pass == NULL || *pass == '\0') {
        _pam_log(LOG_ERR, "unable to obtain password");
 <<< CID 115812: Resource leaks RESOURCE_LEAK
 <<< 8. Variable "pass" going out of scope leaks the storage it points to.
        return PAM_CRED_INSUFFICIENT;
    }

    retval = pam_set_item (pamh, PAM_AUTHTOK, pass);
    if (retval != PAM_SUCCESS) {
        _pam_log(LOG_ERR, "unable to set password");
        return PAM_CRED_INSUFFICIENT;
    }

    if (ctrl & PAM_TAC_DEBUG)
        syslog(LOG_DEBUG, "%s: password obtained", __FUNCTION__);

    tty = _pam_get_terminal(pamh);
    if (!strncmp(tty, "/dev/", 5))
        tty += 5;
    if (ctrl & PAM_TAC_DEBUG)
        syslog(LOG_DEBUG, "%s: tty [%s] obtained", __FUNCTION__, tty);

    r_addr = _pam_get_rhost(pamh);
    if (ctrl & PAM_TAC_DEBUG)
        syslog(LOG_DEBUG, "%s: rhost [%s] obtained", __FUNCTION__, r_addr);

    status = PAM_AUTHINFO_UNAVAIL;
    for (srv_i = 0; srv_i < tac_srv_no; srv_i++) {
        if (ctrl & PAM_TAC_DEBUG)
            syslog(LOG_DEBUG, "%s: trying srv %d", __FUNCTION__, srv_i );
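Events:
4. alloc_arg (pam_tacplus.c:241): "tacacs_get_password" allocates memory that is stored into "pass".
8. leaked_storage (pam_tacplus.c:244): "pass" goes out of scope at the early "return PAM_CRED_INSUFFICIENT;" without being freed.

Note: "pass" is the buffer in which the module receives the user's password, so a fix should clear and free it on every early exit, not only the one flagged. In the listing shown, the return after a failed pam_set_item also exits without releasing "pass"; whether it is freed later in the function is not visible here.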