author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-05-22 17:27:54 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-05-22 17:27:54 +0000 |
commit | 9251be9693b1c8c56ed067438858e740cba57570 (patch) | |
tree | 17fe57914bae9c80901e3288831a14f43524b539 | |
parent | 747fce30ecb18b776fd91aefdcf3ab3508b42fbf (diff) | |
Relevant BUGIDs: 1490956,1489818,1489808,1489792,1489804,1489658,1489634
Purpose of commit: bugfixes
Commit summary:
---------------
2006-05-22 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_listfile/pam_listfile.c (pam_sm_authenticate):
Fix memory leaks, [#1490956] found by Coverity.
* modules/pam_tally/pam_tally.c (pam_get_uid): Check return
value of pam_get_user().
(tally_get_data): Check if oldtime is not NULL.
[#1489818] found by Coverity.
* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't
ignore return value of stat(). [#1489808] found by Coverity.
* modules/pam_mail/pam_mail.c (get_folder): Fix a potential
NULL pointer dereference. [#1489792] found by Coverity.
* libpam/Makefile.am: bump release number of libpam.so.
* libpam/pam_misc.c (_pam_mkargv): Fix memory leak,
[#1489804] found by Coverity.
* modules/pam_echo/pam_echo.c (replace_and_print): Initialize
str, [#1489658] found by Coverity.
* modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix
a potential NULL pointer dereference.
(pam_sm_chauthtok): Remove dead code.
[#1489634] found by Coverity.
-rw-r--r-- | ChangeLog | 28 | ||||
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | libpam/Makefile.am | 2 | ||||
-rw-r--r-- | libpam/pam_misc.c | 6 | ||||
-rw-r--r-- | modules/pam_cracklib/pam_cracklib.c | 10 | ||||
-rw-r--r-- | modules/pam_echo/pam_echo.c | 2 | ||||
-rw-r--r-- | modules/pam_listfile/pam_listfile.c | 10 | ||||
-rw-r--r-- | modules/pam_mail/pam_mail.c | 10 | ||||
-rw-r--r-- | modules/pam_mkhomedir/pam_mkhomedir.c | 15 | ||||
-rw-r--r-- | modules/pam_tally/pam_tally.c | 8 |
10 files changed, 72 insertions, 20 deletions
@@ -1,3 +1,31 @@ +2006-05-22 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): + Fix memory leaks, [#1490956] found by Coverity. + + * modules/pam_tally/pam_tally.c (pam_get_uid): Check return + value of pam_get_user(). + (tally_get_data): Check if oldtime is not NULL. + [#1489818] found by Coverity. + + * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't + ignore return value of stat(). [#1489808] found by Coverity. + + * modules/pam_mail/pam_mail.c (get_folder): Fix a potential + NULL pointer dereference. [#1489792] found by Coverity. + + * libpam/Makefile.am: bump release number of libpam.so. + * libpam/pam_misc.c (_pam_mkargv): Fix memory leak, + [#1489804] found by Coverity. + + * modules/pam_echo/pam_echo.c (replace_and_print): Initialize + str, [#1489658] found by Coverity. + + * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix + a potential NULL pointer dereference. + (pam_sm_chauthtok): Remove dead code. + [#1489634] found by Coverity. + 2006-05-04 Thorsten Kukuk <kukuk@suse.de> * configure.in: Check for fseeko. @@ -2,6 +2,7 @@ Linux-PAM NEWS -- history of user-visible changes. * pam_tally: Fix support for large UIDs +* Fixed all problems found by Coverity Release 0.99.4.0 diff --git a/libpam/Makefile.am b/libpam/Makefile.am index 951c1964..4648908b 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -20,7 +20,7 @@ include_HEADERS = $(addprefix include/security/, _pam_compat.h _pam_macros.h _pa noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ pam_modutil_private.h pam_static_modules.h -libpam_la_LDFLAGS = -no-undefined -version-info 81:3:81 @LIBAUDIT@ +libpam_la_LDFLAGS = -no-undefined -version-info 81:4:81 @LIBAUDIT@ if STATIC_MODULES libpam_la_LDFLAGS += `ls ../modules/pam_*/*.lo` \ @LIBDB@ @LIBCRYPT@ @LIBNSL@ @LIBCRACK@ -lutil diff --git a/libpam/pam_misc.c b/libpam/pam_misc.c index 746c7a97..26590d09 100644 --- a/libpam/pam_misc.c +++ b/libpam/pam_misc.c 
@@ -170,11 +170,11 @@ int _pam_mkargv(char *s, char ***argv, int *argc) sbuf = NULL; D(("loop again?")); } - _pam_drop(sbuf_start); } + _pam_drop(sbuf_start); } } - + *argv = our_argv; D(("_pam_mkargv returned")); @@ -256,7 +256,7 @@ void _pam_parse_control(int *control_array, char *tok) error = "expecting '='"; goto parse_error; } - + /* skip leading space */ while (isspace((int)*tok) && *++tok); if (!*tok) { diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index 091a56f5..2f146fb4 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -473,10 +473,9 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, if (!msg) { retval = pam_get_item(pamh, PAM_USER, &user); if (retval != PAM_SUCCESS || user == NULL) { - if (ctrl & PAM_DEBUG_ARG) { + if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_ERR,"Can not get username"); - return PAM_AUTHTOK_ERR; - } + return PAM_AUTHTOK_ERR; } msg = check_old_password(user, pass_new); } @@ -663,11 +662,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, */ _pam_drop(resp); } else { - retval = (retval == PAM_SUCCESS) ? - PAM_AUTHTOK_RECOVERY_ERR:retval ; - } - - if (retval != PAM_SUCCESS) { if (ctrl && PAM_DEBUG_ARG) pam_syslog(pamh, LOG_DEBUG, "unable to obtain the password a second time"); diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c index e138c3df..61826437 100644 --- a/modules/pam_echo/pam_echo.c +++ b/modules/pam_echo/pam_echo.c @@ -67,7 +67,7 @@ replace_and_print (pam_handle_t *pamh, const char *mesg) char *output; size_t length = strlen (mesg) + PAM_MAX_MSG_SIZE; char myhostname[HOST_NAME_MAX+1]; - const void *str; + const void *str = NULL; const char *p, *q; int item; size_t len; diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index 69384be6..1545fe03 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c 
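Review bot: In `_pam_unix_approve_pass` (pam_cracklib.c, first hunk) the debug log is now an unbraced `if` sitting directly above the `return`, which is the same kind of scoping slip that let the old code reach `check_old_password(user, pass_new)` with a NULL `user` whenever debug was off. Keeping braces around the log call alone makes the unconditional exit obvious: `if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh,LOG_ERR,"Can not get username"); }` followed by `return PAM_AUTHTOK_ERR;`. The message is emitted at LOG_ERR but only in debug mode, so a failed user lookup in a password-quality check is normally silent; logging it unconditionally may be preferable. The function body starts and ends outside the hunk.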
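Review bot: The context line `if (ctrl && PAM_DEBUG_ARG)` in `pam_sm_chauthtok` (pam_cracklib.c, second hunk) uses logical AND, so, assuming `PAM_DEBUG_ARG` is a non-zero bit mask, the debug message is logged whenever `ctrl` is non-zero rather than when the debug bit is set. The first hunk of the same file tests the flag with `ctrl & PAM_DEBUG_ARG`, and this line should read `if (ctrl & PAM_DEBUG_ARG)`. With the `PAM_AUTHTOK_RECOVERY_ERR` assignment removed, it is also worth confirming that `retval` already holds a failure code on this `else` path, since the code that sets it is outside the hunk.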
@@ -108,16 +108,21 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, onerr = PAM_SUCCESS; else if(!strcmp(myval,"fail")) onerr = PAM_SERVICE_ERR; - else + else { + if (ifname) free (ifname); return PAM_SERVICE_ERR; + } else if(!strcmp(mybuf,"sense")) if(!strcmp(myval,"allow")) sense=0; else if(!strcmp(myval,"deny")) sense=1; - else + else { + if (ifname) free (ifname); return onerr; + } else if(!strcmp(mybuf,"file")) { + if (ifname) free (ifname); ifname = (char *)malloc(strlen(myval)+1); if (!ifname) return PAM_BUF_ERR; @@ -176,6 +181,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, ) { pam_syslog(pamh,LOG_ERR, "Invalid usage for apply= parameter"); + free (ifname); return onerr; } diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index 5eb3488b..7d43d5e0 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -1,8 +1,6 @@ /* pam_mail module */ /* - * $Id$ - * * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11 * $HOME additions by David Kinchlea <kinch@kinch.ark.com> 1997/1/7 * mailhash additions by Chris Adams <cadams@ro.com> 1998/7/11 @@ -174,6 +172,14 @@ get_folder(pam_handle_t *pamh, int ctrl, retval = PAM_BUF_ERR; if (ctrl & PAM_HOME_MAIL) { + if (pwd == NULL) { + pwd = pam_modutil_getpwnam(pamh, user); + if (pwd == NULL) { + pam_syslog(pamh, LOG_ERR, "user unknown"); + retval = PAM_USER_UNKNOWN; + goto get_folder_cleanup; + } + } if (asprintf(&folder, MAIL_FILE_FORMAT, pwd->pw_dir, "", path) < 0) goto get_folder_cleanup; } else { diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 799d19fc..216f252a 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c 
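Review bot: The leak fix in `pam_sm_authenticate` (pam_listfile.c, both hunks) is repeated by hand in front of each early return, so any exit not touched here still leaks `ifname`; the function's remaining returns are outside these hunks and should be checked, or all exits routed through a single cleanup label. The guard in `if (ifname) free (ifname);` is redundant because `free(NULL)` is a no-op, and the second hunk already calls `free (ifname);` unguarded, so the plain `free(ifname);` form can be used throughout. All of these calls rely on `ifname` being initialised to NULL before the option loop, which is not visible here.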
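Review bot: The new fallback lookup in `get_folder` (pam_mail.c, second hunk) passes `user` to `pam_modutil_getpwnam` without a visible NULL check, and the origin of `user` is outside the hunk, so that precondition should be confirmed or guarded. The log text `"user unknown"` also does not tell someone reading the auth log which step failed; wording such as `pam_syslog(pamh, LOG_ERR, "user unknown, cannot determine mail folder");` names the operation without writing the supplied user name to the log. The function starts and ends outside the hunk.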
@@ -341,7 +341,20 @@ create_homedir (pam_handle_t * pamh, int ctrl, return PAM_PERM_DENIED; } - stat(newsource,&St); + if (stat(newsource,&St) != 0) + { + pam_syslog(pamh, LOG_DEBUG, "unable to stat src file %s: %m", + newsource); + close(SrcFd); + closedir(D); + +#ifndef PATH_MAX + free(newsource); newsource = NULL; + free(newdest); newdest = NULL; +#endif + + return PAM_PERM_DENIED; + } /* Open the dest file */ if ((DestFd = open(newdest,O_WRONLY | O_TRUNC | O_CREAT,0600)) < 0) diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index f3642c34..12cb5bfa 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -231,7 +231,10 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt #ifdef MAIN user = cline_user; #else - pam_get_user( pamh, &user, NULL ); + if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { + pam_syslog(pamh, LOG_ERR, "pam_get_user; user?"); + return PAM_AUTH_ERR; + } #endif if ( !user || !*user ) { @@ -288,7 +291,8 @@ tally_get_data( pam_handle_t *pamh, time_t *oldtime ) } else { rv = -1; - *oldtime = 0; + if (oldtime) + *oldtime = 0; } return rv; } |
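Review bot: The new check in `create_homedir` (pam_mkhomedir.c) still calls `stat(newsource,&St)` on the path, while the `close(SrcFd)` in the error branch suggests the source file is already open at this point. Using the descriptor, `if (fstat(SrcFd, &St) != 0)`, would describe the file that was actually opened rather than whatever the path resolves to a moment later. The failure aborts the copy with PAM_PERM_DENIED but is logged at LOG_DEBUG, so it will usually not appear in the log; LOG_ERR seems more appropriate for a path that denies the session. The open of `SrcFd` and the later use of `St` are outside the hunk.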
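Review bot: In `pam_get_uid` (pam_tally.c, first hunk) the result of `pam_get_user()` is compared and then discarded, so every failure is reported to the stack as PAM_AUTH_ERR and the log text `"pam_get_user; user?"` does not say what went wrong. Keeping the code in a local and logging it, for example `pam_syslog(pamh, LOG_ERR, "pam_get_user failed: %s", pam_strerror(pamh, rv));`, would make the entry actionable. Whether a suitable `int` is already declared in the function is not visible from the hunk. The function continues outside the hunk.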