Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.1.6
-
All Platforms (source code)
-
10.1.8-2
Description
Hello All,
In reviewing code in MariaDB 10.0.2x, I found an instance where
a memory request via strndup() is made, but no check for a return
value of NULL, indicating failure is made. The directory in this
case is 'mariadb-10.0.20/plugin/auth_pam/' and the filename is
'auth_pam.c'. The patch file below should address this issue:
--- auth_pam.c.orig 2015-08-23 16:16:25.075000000 -0700
|
+++ auth_pam.c 2015-08-23 16:18:17.594000000 -0700
|
@@ -99,6 +99,9 @@
|
return PAM_CONV_ERR;
|
/* allocate and copy the reply to the response array */
|
(*resp)[i].resp = strndup((char*)pkt, pkt_len);
|
+ if ( (*resp)[i].resp == NULL) {
|
+ return PAM_CONV_ERR;
|
+ }
|
param->ptr = param->buf + 1;
|
}
|
}
|
Questions, Comments, Suggestions?
I am attaching the patch file(s) to this bug report.
Bill Parker (wp02855 at gmail dot com)
Attachments
Issue Links
- links to