Hello All,

In reviewing code in MariaDB 10.0.2x, I found an instance where
a memory request via strndup() is made, but no check for a return
value of NULL, indicating failure is made. The directory in this
case is 'mariadb-10.0.20/plugin/auth_pam/' and the filename is
'auth_pam.c'. The patch file below should address this issue:

--- auth_pam.c.orig	2015-08-23 16:16:25.075000000 -0700

+++ auth_pam.c	2015-08-23 16:18:17.594000000 -0700

@@ -99,6 +99,9 @@

         return PAM_CONV_ERR;

       /* allocate and copy the reply to the response array */

       (*resp)[i].resp = strndup((char*)pkt, pkt_len);

+      if ( (*resp)[i].resp == NULL) {

+	return PAM_CONV_ERR;

+      }

       param->ptr = param->buf + 1;

     }

   }

Questions, Comments, Suggestions?

I am attaching the patch file(s) to this bug report.

Bill Parker (wp02855 at gmail dot com)