logo

skeud

Simple and portable utilities to deal with user accounts (su, login)
commit: c9b30adda6336f7261c7961938b5100c14812a5d
parent d120df8030d2baa278e8f9fab3300457914f2e50
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Thu,  3 Nov 2022 13:47:36 +0100

login,su: Plug memory leaks found via AddressSanitizer


Diffstat:


Mlogin.c21+++++++++++++++------


Msu.c17+++++++++++------


2 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/login.c b/login.c
@@ -102,6 +102,7 @@ main(int argc, char *argv[])
 		if(got < 0)
 		{
 			if(errno != 0) perror("login: getline");
+			free(username);
 			return 1;
 		}
 
@@ -134,30 +135,36 @@ main(int argc, char *argv[])
 		{
 			perror("login: getspnam");
 		}
-
-		if(pw_hash && strcmp(pw_hash, "x") == 0)
+		else
 		{
-			pw_hash = swent->sp_pwdp;
-		}
+			if(pw_hash && strcmp(pw_hash, "x") == 0)
+			{
+				pw_hash = swent->sp_pwdp;
+			}
 
-		explicit_bzero(swent, sizeof(swent));
-		swent = NULL;
+			explicit_bzero(swent, sizeof(swent));
+			swent = NULL;
+		}
 #endif /* __linux__ */
 
 		char *password = NULL;
 		ssize_t got    = skeud_getpass(&password);
 		if(got < 0)
 		{
+			free(username);
+			free(password);
 			return 1;
 		}
 
 		bool valid_p = skeud_crypt_check(pw_hash, password);
 
 		explicit_bzero(password, got);
+		free(password);
 		if(pw_hash) explicit_bzero(pw_hash, sizeof(pw_hash));
 
 		if(!valid_p)
 		{
+			free(username);
 			sleep(2);
 			fprintf(stderr, "login: Invalid username or password\n");
 			return 1;
@@ -233,6 +240,8 @@ main(int argc, char *argv[])
 	setenv("SHELL", shell, 1);
 	setenv("IFS", " \t\n", 1);
 
+	free(username);
+
 	errno = 0;
 	/* flawfinder: ignore CWE-78 */
 	if(execl(shell, shell, "-l", NULL) < 0)
diff --git a/su.c b/su.c
@@ -128,25 +128,30 @@ main(int argc, char *argv[])
 		{
 			perror("su: getspnam");
 		}
-
-		if(pw_hash && strcmp(pw_hash, "x") == 0)
+		else
 		{
-			pw_hash = swent->sp_pwdp;
-		}
 
-		explicit_bzero(swent, sizeof(swent));
-		swent = NULL;
+			if(pw_hash && strcmp(pw_hash, "x") == 0)
+			{
+				pw_hash = swent->sp_pwdp;
+			}
+
+			explicit_bzero(swent, sizeof(swent));
+			swent = NULL;
+		}
 #endif /* __linux__ */
 
 		char *password = NULL;
 		ssize_t got    = skeud_getpass(&password);
 		if(got < 0)
 		{
+			free(password);
 			return 1;
 		}
 
 		bool valid_p = skeud_crypt_check(pw_hash, password);
 		explicit_bzero(password, got);
+		free(password);
 		if(pw_hash) explicit_bzero(pw_hash, sizeof(pw_hash));
 
 		if(!valid_p)