diff options
author | jjj <none@none> | 2007-01-04 06:32:41 -0800 |
---|---|---|
committer | jjj <none@none> | 2007-01-04 06:32:41 -0800 |
commit | ace0ce487bf50def2cf7ed0dfe532a37bb784c0b (patch) | |
tree | e47e65cb3819d36a5a5f7cb483d270557a954739 /usr/src/lib/libsecdb/common | |
parent | c573a06ee35a7b4e0a32d84e1f038ca5439b5d67 (diff) | |
download | illumos-joyent-ace0ce487bf50def2cf7ed0dfe532a37bb784c0b.tar.gz |
6493200 memory leak in libsecdb chkauthattr(3SECDB)
6508016 pam_getenvlist truncates variables
Diffstat (limited to 'usr/src/lib/libsecdb/common')
-rw-r--r-- | usr/src/lib/libsecdb/common/chkauthattr.c | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/usr/src/lib/libsecdb/common/chkauthattr.c b/usr/src/lib/libsecdb/common/chkauthattr.c index 5b9a05c1d3..6e41e99723 100644 --- a/usr/src/lib/libsecdb/common/chkauthattr.c +++ b/usr/src/lib/libsecdb/common/chkauthattr.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -50,7 +50,7 @@ chkauthattr(const char *authname, const char *username) int auth_granted = 0; char *auths; char *profiles; - userattr_t *user; + userattr_t *user = NULL; char *chkedprof[MAXPROFS]; int chkedprof_cnt = 0; int i; @@ -58,34 +58,34 @@ chkauthattr(const char *authname, const char *username) if (authname == NULL || username == NULL) return (0); + /* Check against AUTHS_GRANTED and PROFS_GRANTED in policy.conf */ auth_granted = _chk_policy_auth(authname, chkedprof, &chkedprof_cnt); - if (auth_granted) { - return (1); - } + if (auth_granted) + goto exit; + if ((user = getusernam(username)) == NULL) - return (0); + goto exit; + /* Check against authorizations listed in user_attr */ if ((auths = kva_match(user->attr, USERATTR_AUTHS_KW)) != NULL) { - if (_is_authorized(authname, auths)) { - free_userattr(user); - return (1); - } - } - - if ((profiles = kva_match(user->attr, USERATTR_PROFILES_KW)) == NULL) { - free_userattr(user); - return (0); + auth_granted = _is_authorized(authname, auths); + if (auth_granted) + goto exit; } - auth_granted = _chkprof_for_auth(profiles, authname, - chkedprof, &chkedprof_cnt); + /* Check against authorizations specified by profiles */ + if ((profiles = kva_match(user->attr, USERATTR_PROFILES_KW)) != NULL) + auth_granted = _chkprof_for_auth(profiles, authname, + chkedprof, &chkedprof_cnt); +exit: /* free memory allocated for checked array */ for (i = 0; i < chkedprof_cnt; i++) { free(chkedprof[i]); } - free_userattr(user); + if (user != NULL) + free_userattr(user); return (auth_granted); } |