Bug 990311
Summary: | pam_ldap module leaks memory when changing password | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | David Rennalls <david_rennalls> | ||||||
Component: | pam_ldap | Assignee: | Nalin Dahyabhai <nalin> | ||||||
Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 6.4 | CC: | jhrozek | ||||||
Target Milestone: | rc | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2016-07-19 20:14:56 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
David Rennalls
2013-07-30 20:58:20 UTC
Created attachment 780841 [details]
Proposed patch
..leak report when running with the proposed patch
[root@here ~]# valgrind --leak-check=yes ./chpass smithj password
==19607== Memcheck, a memory error detector
==19607== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==19607== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==19607== Command: ./chpass smithj password
==19607==
PAM sucessfully started
==19607== Use of uninitialised value of size 4
==19607== at 0x46A724A: pam_sm_chauthtok (in /root/lib/security/pam_ldap.so)
==19607== by 0x404043E: _pam_dispatch (pam_dispatch.c:110)
==19607== by 0x4044832: pam_chauthtok (pam_password.c:46)
==19607== by 0x8048C55: main (chpass.c:113)
==19607==
LDAP password information changed for smithj
Succesful call to pam_chauthok: 0
==19607==
==19607== HEAP SUMMARY:
==19607== in use at exit: 18,713 bytes in 142 blocks
==19607== total heap usage: 2,517 allocs, 2,375 frees, 216,462 bytes allocated
==19607==
==19607== LEAK SUMMARY:
==19607== definitely lost: 0 bytes in 0 blocks
==19607== indirectly lost: 0 bytes in 0 blocks
==19607== possibly lost: 0 bytes in 0 blocks
==19607== still reachable: 18,713 bytes in 142 blocks
==19607== suppressed: 0 bytes in 0 blocks
==19607== Reachable blocks (those to which a pointer was found) are not shown.
==19607== To see them, rerun with: --leak-check=full --show-reachable=yes
==19607==
==19607== For counts of detected and suppressed errors, rerun with: -v
==19607== Use --track-origins=yes to see where uninitialised values come from
==19607== ERROR SUMMARY: 8 errors from 1 contexts (suppressed: 130 from 13)
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate, in the next release of Red Hat Enterprise Linux. Thank you for the bug report. Since RHEL-6 is transitioning to production phase 2 where only urgent and high priority bugs are being fixed, I'm going to close this issue as WONTFIX. I would suggest to migrate to SSSD going forward. |