mirror of
https://github.com/foxcpp/maddy.git
synced 2025-04-03 05:07:38 +03:00
auth/pam: Fix double-free crash
conv_func may be called multiple times and should return a unique pam_response each time. Closes #272.
This commit is contained in:
fox.cpp
parent
7ee6a39c6a
commit
cf94882052
3 changed files with 56 additions and 30 deletions
|
|
@ -1,5 +1,3 @@
|
|||
//+build libpam
|
||||
|
||||
/*
|
||||
Maddy Mail Server - Composable all-in-one email server.
|
||||
Copyright © 2019-2022 Max Mazurov <fox.cpp@disroot.org>, Maddy Mail Server contributors
|
||||
|
|
@ -21,28 +19,33 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
#define _POSIX_C_SOURCE 200809L
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <security/pam_appl.h>
|
||||
#include "pam.h"
|
||||
|
||||
static int conv_func(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) {
|
||||
*resp = (struct pam_response*)appdata_ptr;
|
||||
struct pam_response *reply = malloc(sizeof(struct pam_response));
|
||||
if (reply == NULL) {
|
||||
return PAM_CONV_ERR;
|
||||
}
|
||||
|
||||
char* password_cpy = malloc(strlen((char*)appdata_ptr)+1);
|
||||
if (password_cpy == NULL) {
|
||||
return PAM_CONV_ERR;
|
||||
}
|
||||
memcpy(password_cpy, (char*)appdata_ptr, strlen((char*)appdata_ptr)+1);
|
||||
|
||||
reply->resp = password_cpy;
|
||||
reply->resp_retcode = 0;
|
||||
|
||||
// PAM frees pam_response for us.
|
||||
*resp = reply;
|
||||
|
||||
return PAM_SUCCESS;
|
||||
}
|
||||
|
||||
struct error_obj run_pam_auth(const char *username, char *password) {
|
||||
// PAM frees pam_response for us.
|
||||
struct pam_response *reply = malloc(sizeof(struct pam_response));
|
||||
if (reply == NULL) {
|
||||
struct error_obj ret_val;
|
||||
ret_val.status = 2;
|
||||
ret_val.func_name = "malloc";
|
||||
ret_val.error_msg = "Out of memory";
|
||||
return ret_val;
|
||||
}
|
||||
reply->resp = password;
|
||||
reply->resp_retcode = 0;
|
||||
|
||||
const struct pam_conv local_conv = { conv_func, reply };
|
||||
const struct pam_conv local_conv = { conv_func, password };
|
||||
pam_handle_t *local_auth = NULL;
|
||||
int status = pam_start("maddy", username, &local_conv, &local_auth);
|
||||
if (status != PAM_SUCCESS) {
|
||||
|
|
|
|||
|
|
@ -1,3 +1,21 @@
|
|||
/*
|
||||
Maddy Mail Server - Composable all-in-one email server.
|
||||
Copyright © 2019-2020 Max Mazurov <fox.cpp@disroot.org>, Maddy Mail Server contributors
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#pragma once
|
||||
|
||||
struct error_obj {
|
||||
|
|
|
|||
|
|
@ -21,28 +21,33 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
#define _POSIX_C_SOURCE 200809L
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <security/pam_appl.h>
|
||||
#include "pam.h"
|
||||
|
||||
static int conv_func(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) {
|
||||
*resp = (struct pam_response*)appdata_ptr;
|
||||
struct pam_response *reply = malloc(sizeof(struct pam_response));
|
||||
if (reply == NULL) {
|
||||
return PAM_CONV_ERR;
|
||||
}
|
||||
|
||||
char* password_cpy = malloc(strlen((char*)appdata_ptr)+1);
|
||||
if (password_cpy == NULL) {
|
||||
return PAM_CONV_ERR;
|
||||
}
|
||||
memcpy(password_cpy, (char*)appdata_ptr, strlen((char*)appdata_ptr)+1);
|
||||
|
||||
reply->resp = password_cpy;
|
||||
reply->resp_retcode = 0;
|
||||
|
||||
// PAM frees pam_response for us.
|
||||
*resp = reply;
|
||||
|
||||
return PAM_SUCCESS;
|
||||
}
|
||||
|
||||
struct error_obj run_pam_auth(const char *username, char *password) {
|
||||
// PAM frees pam_response for us.
|
||||
struct pam_response *reply = malloc(sizeof(struct pam_response));
|
||||
if (reply == NULL) {
|
||||
struct error_obj ret_val;
|
||||
ret_val.status = 2;
|
||||
ret_val.func_name = "malloc";
|
||||
ret_val.error_msg = "Out of memory";
|
||||
return ret_val;
|
||||
}
|
||||
reply->resp = password;
|
||||
reply->resp_retcode = 0;
|
||||
|
||||
const struct pam_conv local_conv = { conv_func, reply };
|
||||
const struct pam_conv local_conv = { conv_func, password };
|
||||
pam_handle_t *local_auth = NULL;
|
||||
int status = pam_start("maddy", username, &local_conv, &local_auth);
|
||||
if (status != PAM_SUCCESS) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue