Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8673

[PATCH] Missing Sanity Check for strndup() in MariaDB 10.0.2x

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.1.6
    • Fix Version/s: 10.1.8
    • Component/s: Plugin - pam
    • Labels:
    • Environment:
      All Platforms (source code)
    • Sprint:
      10.1.8-2

      Description

      Hello All,

      In reviewing code in MariaDB 10.0.2x, I found an instance where
      a memory request via strndup() is made, but no check for a return
      value of NULL, indicating failure is made. The directory in this
      case is 'mariadb-10.0.20/plugin/auth_pam/' and the filename is
      'auth_pam.c'. The patch file below should address this issue:

      --- auth_pam.c.orig	2015-08-23 16:16:25.075000000 -0700
      +++ auth_pam.c	2015-08-23 16:18:17.594000000 -0700
      @@ -99,6 +99,9 @@
               return PAM_CONV_ERR;
             /* allocate and copy the reply to the response array */
             (*resp)[i].resp = strndup((char*)pkt, pkt_len);
      +      if ( (*resp)[i].resp == NULL) {
      +	return PAM_CONV_ERR;
      +      }
             param->ptr = param->buf + 1;
           }
         }

      Questions, Comments, Suggestions?

      I am attaching the patch file(s) to this bug report.

      Bill Parker (wp02855 at gmail dot com)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              svoj Sergey Vojtovich
              Reporter:
              dogbert2 Bill Parker
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: