Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8673

[PATCH] Missing Sanity Check for strndup() in MariaDB 10.0.2x

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.1.6
    • 10.1.8
    • Plugin - pam
    • All Platforms (source code)
    • 10.1.8-2

    Description

      Hello All,

      In reviewing code in MariaDB 10.0.2x, I found an instance where
      a memory request via strndup() is made, but no check for a return
      value of NULL, indicating failure is made. The directory in this
      case is 'mariadb-10.0.20/plugin/auth_pam/' and the filename is
      'auth_pam.c'. The patch file below should address this issue:

      --- auth_pam.c.orig	2015-08-23 16:16:25.075000000 -0700
      +++ auth_pam.c	2015-08-23 16:18:17.594000000 -0700
      @@ -99,6 +99,9 @@
               return PAM_CONV_ERR;
             /* allocate and copy the reply to the response array */
             (*resp)[i].resp = strndup((char*)pkt, pkt_len);
      +      if ( (*resp)[i].resp == NULL) {
      +	return PAM_CONV_ERR;
      +      }
             param->ptr = param->buf + 1;
           }
         }

      Questions, Comments, Suggestions?

      I am attaching the patch file(s) to this bug report.

      Bill Parker (wp02855 at gmail dot com)

      Attachments

        Issue Links

          Activity

            People

              svoj Sergey Vojtovich
              dogbert2 Bill Parker
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.