NetBSD Problem Report #44505

From mark@ecs.vuw.ac.nz  Wed Feb  2 23:01:43 2011
Return-Path: <mark@ecs.vuw.ac.nz>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id B6C8D63B874
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  2 Feb 2011 23:01:43 +0000 (UTC)
Message-Id: <201102022301.p12N1bZu026670@city-art.ecs.vuw.ac.nz>
Date: Thu, 3 Feb 2011 12:01:37 +1300 (NZDT)
From: mark@ecs.vuw.ac.nz
Reply-To: mark@ecs.vuw.ac.nz
To: gnats-bugs@gnats.NetBSD.org
Subject: pam_exec fails to realloc enough space
X-Send-Pr-Version: 3.95

>Number:         44505
>Category:       lib
>Synopsis:       pam_exec fails to realloc enough space
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 02 23:05:00 +0000 2011
>Closed-Date:    Thu Mar 10 19:57:30 +0000 2011
>Last-Modified:  Thu Mar 10 19:57:30 +0000 2011
>Originator:     Mark Davies
>Release:        NetBSD 5.99.41
>Organization:
ECS, Victoria Uni. of Wellington, New Zealand.
>Environment:


System: NetBSD city-art.ecs.vuw.ac.nz 5.99.41 NetBSD 5.99.41 (ECS_WORKSTATION.nodrm) #0: Fri Dec 17 11:11:42 NZDT 2010 mark@turakirae.ecs.vuw.ac.nz:/local/SAVE/cur.obj/src/work/src/sys/arch/i386/compile/ECS_WORKSTATION.nodrm i386
Architecture: i386
Machine: i386
>Description:
	when calculating the size to realloc the envlist its building
	multiply the number of items by the size of a char *, not a char.

>How-To-Repeat:
	inspection.

>Fix:
	Apply FreeBSD's revision 1.5.  While here also apply FreeBSD's 
	revision 1.6 -- childerr needs to be volatile so gcc won't
	optimize it away.


Index: pam_exec.c
===================================================================
RCS file: /src/cvs/netbsd/src/lib/libpam/modules/pam_exec/pam_exec.c,v
retrieving revision 1.4
diff -u -r1.4 pam_exec.c
--- pam_exec.c	26 Feb 2005 22:45:52 -0000	1.4
+++ pam_exec.c	2 Feb 2011 22:49:56 -0000
@@ -70,8 +70,9 @@
 _pam_exec(pam_handle_t *pamh __unused, int flags __unused,
     int argc, const char *argv[])
 {
-	int childerr, envlen, i, nitems, pam_err, status;
+	int envlen, i, nitems, pam_err, status;
 	char **envlist, **tmp;
+	volatile int childerr;
 	pid_t pid;

 	if (argc < 1)
@@ -90,7 +91,7 @@
 	for (envlen = 0; envlist[envlen] != NULL; ++envlen)
 		/* nothing */ ;
 	nitems = sizeof(env_items) / sizeof(*env_items);
-	tmp = realloc(envlist, (envlen + nitems + 1) * sizeof **envlist);
+	tmp = realloc(envlist, (envlen + nitems + 1) * sizeof(*envlist));
 	if (tmp == NULL) {
 		openpam_free_envlist(envlist);
 		return (PAM_BUF_ERR);

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44505 CVS commit: src/lib/libpam/modules/pam_exec
Date: Wed, 2 Feb 2011 21:06:00 -0500

 Module Name:	src
 Committed By:	christos
 Date:		Thu Feb  3 02:06:00 UTC 2011

 Modified Files:
 	src/lib/libpam/modules/pam_exec: pam_exec.c

 Log Message:
 PR/44505: Mark Davies: pam_exec fails to realloc enough space, while
 there add a volatile variable (From FreeBSD)


 To generate a diff of this commit:
 cvs rdiff -u -r1.4 -r1.5 src/lib/libpam/modules/pam_exec/pam_exec.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: markd@NetBSD.org
State-Changed-When: Thu, 10 Mar 2011 19:57:30 +0000
State-Changed-Why:
christos applied this.


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.