Bug 251539
| Summary: | login may have a small memory leak | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | John (J5) Palmieri <johnp> |
| Component: | util-linux-ng | Assignee: | Karel Zak <kzak> |
| Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | jkeck |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-01-28 13:08:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in the upstream code -- it will be available in Fedora 9 or 10. Thanks. |
Description of problem: I may be missing something here but I was looking at the login code to copy the pam stuff out of it and I noticed if a user passes in his user name on the command line it is strdup'ed but then the same variable 'username' is used again by pam to get the username out of the passwd file without first freeing the variable. Relevant lines: 428 if (*argv) { 429 char *p = *argv; 430 username = strdup(p); 514 retcode = pam_start(hflag?"remote":"login",username, &conv, &pamh); 544 /* 545 * Grab the user information out of the password file for future usage 546 * First get the username that we are actually using, though. 547 */ 548 retcode = pam_get_item(pamh, PAM_USER, (const void **) &username); This code path assumes no password is required. Nothing in the pam_get_item man page suggests that pam frees the value itself. Also nothing in pam_start suggest pam takes ownership. By taking a const char * it in fact suggests it copies what is sent to it.