From aabd5314a6d76968c377969b49118a2df3f97003 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 19 May 2024 15:00:00 +0000 Subject: [PATCH 1/2] pam_env: fix NULL dereference on error path in econf_read_file * modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Handle NULL value returned by econf_getStringValue(). Resolves: https://github.com/linux-pam/linux-pam/issues/796 --- modules/pam_env/pam_env.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 2cc58228..6d39bb24 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -287,7 +287,7 @@ econf_read_file(const pam_handle_t *pamh, const char *filename, const char *deli char *val; error = econf_getStringValue (key_file, NULL, keys[i], &val); - if (error != ECONF_SUCCESS) { + if (error != ECONF_SUCCESS || val == NULL) { pam_syslog(pamh, LOG_ERR, "Unable to get string from key %s: %s", keys[i], econf_errString(error)); -- 2.45.1 From 75292685a625153c6e28bdd820e97421c258c04a Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sun, 19 May 2024 15:00:00 +0000 Subject: [PATCH 2/2] pam_env: fix error handling in econf_read_file * modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Make sure the returned array of strings is properly initialized when econf_getStringValue() fails to return a value. --- modules/pam_env/pam_env.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 6d39bb24..7c146439 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -273,7 +273,7 @@ econf_read_file(const pam_handle_t *pamh, const char *filename, const char *deli return PAM_ABORT; } - *lines = malloc((key_number +1)* sizeof(char**)); + *lines = calloc((key_number + 1), sizeof(char**)); if (*lines == NULL) { pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); econf_free(keys); @@ -281,8 +281,7 @@ econf_read_file(const pam_handle_t *pamh, const char *filename, const char *deli return PAM_BUF_ERR; } - (*lines)[key_number] = 0; - + size_t n = 0; for (size_t i = 0; i < key_number; i++) { char *val; @@ -293,7 +292,7 @@ econf_read_file(const pam_handle_t *pamh, const char *filename, const char *deli econf_errString(error)); } else { econf_unescnl(val); - if (asprintf(&(*lines)[i],"%s%c%s", keys[i], delim[0], val) < 0) { + if (asprintf(&(*lines)[n],"%s%c%s", keys[i], delim[0], val) < 0) { pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); econf_free(keys); econf_freeFile(key_file); @@ -303,6 +302,7 @@ econf_read_file(const pam_handle_t *pamh, const char *filename, const char *deli return PAM_BUF_ERR; } free (val); + n++; } } -- 2.45.1