Bug 251539 - login may have a small memory leak
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: util-linux-ng
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Karel Zak
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-08-09 16:53 UTC by John (J5) Palmieri
Modified: 2013-03-13 04:51 UTC (History)

Last Closed: 2008-01-28 13:08:50 UTC

Description John (J5) Palmieri 2007-08-09 16:53:11 UTC
Description of problem:

I may be missing something here but I was looking at the login code to copy the
pam stuff out of it and I noticed if a user passes in his user name on the
command line it is strdup'ed but then the same variable 'username' is used again
by pam to get the username out of the passwd file without first freeing the
variable.

Relevant lines:

428    if (*argv) {
429	char *p = *argv;
430	username = strdup(p);

514    retcode = pam_start(hflag?"remote":"login",username, &conv, &pamh);

544    /*
545     * Grab the user information out of the password file for future usage
546     * First get the username that we are actually using, though.
547     */
548    retcode = pam_get_item(pamh, PAM_USER, (const void **) &username);
    
This code path assumes no password is required.  Nothing in the pam_get_item man
page suggests that pam frees the value itself.  Also nothing in pam_start
suggests pam takes ownership.  By taking a const char * it in fact suggests it
copies what is sent to it.
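
The ownership pattern described in the report, as an added example that is not taken from login.c or from the upstream fix. `mock_pamh` and the `mock_*` functions are hypothetical stand-ins for a PAM handle (no libpam needed), assumed, following the report's reading, to copy the user name on start and to hand back a pointer to that copy; a counter on the allocations makes the lost block visible.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live; /* heap blocks currently allocated through the helpers below */

/* Counted stand-in for strdup(), so the leak is observable without a tool. */
static char *dup_counted(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) abort();
    memcpy(p, s, n);
    live++;
    return p;
}
static void free_counted(void *p) { if (p) { live--; free(p); } }

/* Hypothetical mock of a PAM handle; not the libpam API. */
struct mock_pamh { char *user; };
static void mock_start(struct mock_pamh *h, const char *user) { h->user = dup_counted(user); }
static const void *mock_get_user(const struct mock_pamh *h) { return h->user; }
static void mock_end(struct mock_pamh *h) { free_counted(h->user); }

/* Pattern from the report: one variable holds both pointers in turn. */
int login_leaky(const char *arg) {
    int before = live;
    struct mock_pamh h;
    char *username = dup_counted(arg);    /* as at line 430 */
    mock_start(&h, username);             /* as at line 514: mock keeps its own copy */
    username = (char *)mock_get_user(&h); /* as at line 548: the line-430 block is lost */
    mock_end(&h);
    return live - before;                 /* blocks leaked by this call */
}

/* One way to avoid it: separate variables, caller frees what it allocated. */
int login_fixed(const char *arg) {
    int before = live;
    struct mock_pamh h;
    char *cli_user = dup_counted(arg);    /* caller-owned */
    mock_start(&h, cli_user);
    const char *pam_user = mock_get_user(&h); /* library-owned, never freed here */
    (void)pam_user;
    mock_end(&h);                         /* pam_user is invalid from here on */
    free_counted(cli_user);
    return live - before;
}

int main(void) {
    printf("leaky: %d leaked, fixed: %d leaked\n", login_leaky("alice"), login_fixed("alice"));
    return 0;
}
```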

Comment 1 Karel Zak 2008-01-28 13:08:50 UTC
Fixed in the upstream code -- it will be available in Fedora 9 or 10. Thanks.

