[MDEV-8673] [PATCH] Missing Sanity Check for strndup() in MariaDB 10.0.2x - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.1.6
Fix Version/s: 10.1.8
Component/s: Plugin - pam
Labels:
- plugins
Environment:
All Platforms (source code)

Sprint:
10.1.8-2

Description

Hello All,

In reviewing code in MariaDB 10.0.2x, I found an instance where
a memory request via strndup() is made, but no check for a return
value of NULL, indicating failure is made. The directory in this
case is 'mariadb-10.0.20/plugin/auth_pam/' and the filename is
'auth_pam.c'. The patch file below should address this issue:

--- auth_pam.c.orig	2015-08-23 16:16:25.075000000 -0700

+++ auth_pam.c	2015-08-23 16:18:17.594000000 -0700

@@ -99,6 +99,9 @@

         return PAM_CONV_ERR;

       /* allocate and copy the reply to the response array */

       (*resp)[i].resp = strndup((char*)pkt, pkt_len);

+      if ( (*resp)[i].resp == NULL) {

+	return PAM_CONV_ERR;

+      }

       param->ptr = param->buf + 1;

Questions, Comments, Suggestions?

I am attaching the patch file(s) to this bug report.

Bill Parker (wp02855 at gmail dot com)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

auth_pam.c.patch
0.4 kB
2015-08-24 20:03

Issue Links

links to

Github revision

Activity

People

Assignee:: Sergey Vojtovich

Reporter:: Bill Parker

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2015-08-24 20:04

Updated:: 2015-09-16 16:28

Resolved:: 2015-09-16 16:28

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Git Integration