The Samba-Bugzilla – Attachment 10045 Details for
Bug 10669
libpam-smbpass leaks file descriptors when PAM authenticates multiple times in a single process
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
libpam-smbpass fd leak test program
pamtest.c (text/x-csrc), 1.98 KB, created by
Brian Campbell
on 2014-06-24 05:36:20 UTC
(
hide
)
Description:
libpam-smbpass fd leak test program
Filename:
MIME Type:
Creator:
Brian Campbell
Created:
2014-06-24 05:36:20 UTC
Size:
1.98 KB
patch
obsolete
>#include <dirent.h> >#include <err.h> >#include <stdio.h> >#include <stdlib.h> >#include <string.h> >#include <security/pam_appl.h> >#include <sys/stat.h> >#include <sys/types.h> >#include <unistd.h> > >int my_conv(int num_msg, const struct pam_message **msg, > struct pam_response **resp, void *appdata_ptr) { > struct pam_response *out = calloc(num_msg, sizeof(struct pam_response)); > char *password = appdata_ptr; > > for (int i = 0; i < num_msg; ++i) { > if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) { > out[i].resp = strdup(password); > out[i].resp_retcode = 0; > } > } > > *resp = out; > return 0; >} > >int authenticate(const char *username, const char *password) { > pam_handle_t *handle; > struct pam_conv conv = { > .conv = my_conv, > .appdata_ptr = (void *)password > }; > > int ret = pam_start("pamtest", username, &conv, &handle); > if (ret != 0) { > pam_end(handle, ret); > return 0; > } > > ret = pam_authenticate(handle, 0); > int err = pam_end(handle, ret); > return ret == 0 && err == 0; >} > >void listfiles() { > if (chdir("/proc/self/fd") != 0) > err(1, "chdir"); > > DIR *fddir = opendir("."); > if (fddir == NULL) > err(2, "opendir"); > struct dirent *entry; > while ((entry = readdir(fddir)) != NULL) { > if (entry->d_type == DT_LNK) { > struct stat sb; > if (lstat(entry->d_name, &sb) != 0) > err(3, "lstat(%s)", entry->d_name); > > char *contents = malloc(sb.st_size + 1); > if (contents == NULL) > err(4, "malloc"); > > ssize_t size = readlink(entry->d_name, contents, sb.st_size + 1); > if (size < 0) > err(5, "readlink"); > > if (size > sb.st_size) > errx(6, "link size too large"); > > contents[size] = '\0'; > > printf("%s: %s\n", entry->d_name, contents); > > free(contents); > > } > } > closedir(fddir); >} > >int main(int argc, char **argv) { > if (argc != 3) > errx(10, "Usage: pamtest <username> <password>"); > > for (int i = 0; i < 10; ++i) { > puts(authenticate(argv[1], argv[2]) ? "success" : "failure"); > } > > listfiles(); > > return 0; >}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10045">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 10669
: 10045 |
10047