[#MDEV-8673] [PATCH] Missing Sanity Check for strndup() in MariaDB 10.0.2x

[MDEV-8673] [PATCH] Missing Sanity Check for strndup() in MariaDB 10.0.2x Created: 2015-08-24 Updated: 2015-09-16 Resolved: 2015-09-16
Status:	Closed
Project:	MariaDB Server
Component/s:	Plugin - pam
Affects Version/s:	10.1.6
Fix Version/s:	10.1.8

Type:

Bug

Priority:

Major

Reporter:

Bill Parker

Assignee:

Sergey Vojtovich

Resolution:

Fixed

Votes:

Labels:

plugins

Environment:

All Platforms (source code)

Attachments:

auth_pam.c.patch

Sprint:

10.1.8-2

Description

Hello All,

In reviewing code in MariaDB 10.0.2x, I found an instance where
a memory request via strndup() is made, but no check for a return
value of NULL, indicating failure is made. The directory in this
case is 'mariadb-10.0.20/plugin/auth_pam/' and the filename is
'auth_pam.c'. The patch file below should address this issue:

--- auth_pam.c.orig	2015-08-23 16:16:25.075000000 -0700

+++ auth_pam.c	2015-08-23 16:18:17.594000000 -0700

@@ -99,6 +99,9 @@

         return PAM_CONV_ERR;

       /* allocate and copy the reply to the response array */

       (*resp)[i].resp = strndup((char*)pkt, pkt_len);

+      if ( (*resp)[i].resp == NULL) {

+	return PAM_CONV_ERR;

+      }

       param->ptr = param->buf + 1;

Questions, Comments, Suggestions?

I am attaching the patch file(s) to this bug report.

Bill Parker (wp02855 at gmail dot com)

Comments

Comment by Sergey Vojtovich [ 2015-09-16 ]

Thanks for your contribution. Patch applied to 10.1 branch. Github revision link attached.

Generated at Thu Feb 08 07:28:55 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-8673] [PATCH] Missing Sanity Check for strndup() in MariaDB 10.0.2x Created: 2015-08-24 Updated: 2015-09-16 Resolved: 2015-09-16