#44: avoid leak in crypt() by moving to crypt_r()
---------------------+------------------------------
Reporter: todorb | Owner: pam-developers@…
Type: defect | Status: new
Priority: major | Component: library
Version: 1.1.x | Keywords:
Blocked By: | Blocking:
---------------------+------------------------------
We use pam_chauthtok() to change passwords from one long-lived daemon. We
discovered leaked heap chunks that contain password hashes. It turned out
that the non-reentrant versions of hash algorithms called by crypt()
allocate a heap buffer internally, that is not freed when the PAM stack is
unloaded and libcrypt is dlclosed.
I'm attaching a patch for switching to the reentrant version when it's
available.
PS. For those interested in more details see for example
http://osxr.org/glibc/source/crypt/sha512-crypt.c?v=glibc-2.17 . The chunk
returned by realloc() on line 0429 is leaked on every call to
pam_chauthtok().
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/44>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
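
The reentrant pattern the ticket proposes, sketched as an added example (it is not the attached patch and not Linux-PAM code): all crypt_r() scratch state sits in a caller-owned struct crypt_data that is wiped and freed after each hash, so no hash stays behind in a libcrypt-owned buffer. The names hash_password() and wipe() and the weak-symbol availability check are assumptions of this example.

```c
#define _GNU_SOURCE              /* older glibc declares crypt_r() only with this */
#include <crypt.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumption of this example: a weak reference stands in for a build-time
 * "is crypt_r available" check. On glibc, link with -lcrypt to resolve it. */
#pragma weak crypt_r

/* Zero memory through a volatile pointer so the stores are not optimised out. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Hash `key` under `setting` into out[0..outlen). The scratch state is owned
 * by this function, not by libcrypt, and is wiped and freed on every path.
 * Returns 0 on success, -1 with errno set on failure (out is then empty). */
int hash_password(const char *key, const char *setting, char *out, size_t outlen)
{
    struct crypt_data *cd;
    const char *h;
    int err = 0;

    if (outlen == 0) { errno = EINVAL; return -1; }
    out[0] = '\0';
    if (!crypt_r) { errno = ENOSYS; return -1; }   /* reentrant API missing */

    cd = calloc(1, sizeof(*cd));   /* zeroed, so cd->initialized == 0 */
    if (cd == NULL) { errno = ENOMEM; return -1; }

    h = crypt_r(key, setting, cd);
    /* Failure is NULL on glibc, or a token starting with '*' on libxcrypt. */
    if (h == NULL || h[0] == '*')
        err = EINVAL;
    else if (strlen(h) >= outlen)
        err = ERANGE;
    else
        strcpy(out, h);            /* length checked just above */

    wipe(cd, sizeof(*cd));         /* the hash and intermediates live in cd */
    free(cd);
    if (err) { errno = err; return -1; }
    return 0;
}
```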