diff options
| author | Kyungwook Tak <k.tak@samsung.com> | 2016-09-07 14:17:35 +0900 |
|---|---|---|
| committer | Kyungwook Tak <k.tak@samsung.com> | 2016-09-07 14:17:35 +0900 |
| commit | e226e43c2385fe90b3f751623f03add8b19d344a (patch) | |
| tree | 7a8af2b320ae543c7d00281d522b0a80d5a16bc4 /src/pam_plugin | |
| parent | 26bece5034fef1a8fa827945fd882472cc0965cb (diff) | |
| download | key-manager-e226e43c2385fe90b3f751623f03add8b19d344a.tar.gz key-manager-e226e43c2385fe90b3f751623f03add8b19d344a.tar.bz2 key-manager-e226e43c2385fe90b3f751623f03add8b19d344a.zip | |
Fix SVACE defects: unsafe functions and dead code
Change-Id: I1f670628bc6636e89ca9a7d9eae72922f062fd22
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Diffstat (limited to 'src/pam_plugin')
| -rw-r--r-- | src/pam_plugin/pam-key-manager-plugin.cpp | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/src/pam_plugin/pam-key-manager-plugin.cpp b/src/pam_plugin/pam-key-manager-plugin.cpp index 74a1d252..8b401b27 100644 --- a/src/pam_plugin/pam-key-manager-plugin.cpp +++ b/src/pam_plugin/pam-key-manager-plugin.cpp @@ -48,23 +48,37 @@ bool identify_user_pwd(pam_handle_t *pamh, uid_t &uid, std::string &passwd) if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) return true; - struct passwd *pwd; + struct passwd pwd; + struct passwd *result = nullptr; + int bufsize = sysconf(_SC_GETPW_R_SIZE_MAX); - if ((pwd = getpwnam(user)) == NULL) + if (bufsize <= 0) + bufsize = 16384; /* should be more than enough */ + + memset(&pwd, 0x00, sizeof(pwd)); + std::vector<char> buf(bufsize, 0); + + int ret = getpwnam_r(user, &pwd, buf.data(), bufsize, &result); + if (ret != 0 || result == nullptr) return true; - if (strcmp(pwd->pw_passwd, PASSWORD_SHADOWED) == 0) { - struct spwd *pwd_sh; + if (strcmp(pwd.pw_passwd, PASSWORD_SHADOWED) == 0) { + struct spwd pwd_sh; + struct spwd *result_sh = nullptr; + + memset(&pwd_sh, 0x00, sizeof(pwd_sh)); + std::vector<char> buf_sh(bufsize, 0); - if ((pwd_sh = getspnam(user)) == NULL) + ret = getspnam_r(user, &pwd_sh, buf_sh.data(), bufsize, &result_sh); + if (ret != 0 || result_sh == nullptr) return true; - passwd = std::string(pwd_sh->sp_pwdp); + passwd = std::string(pwd_sh.sp_pwdp); } else { - passwd = std::string(pwd->pw_passwd); + passwd = std::string(pwd.pw_passwd); } - uid = pwd->pw_uid; + uid = pwd.pw_uid; return false; } } |