2025-01-23 Fred Gleason <fredg@paravelsystems.com>

* Fixed a bug in 'RDPam' that could cause a segfault when processing an authentication. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-08-03 09:29:34 +02:00 · 2025-01-23 12:51:57 -05:00 · 2025-01-23 12:51:57 -05:00 · 2f1f796775
commit 2f1f796775
parent 60d8b8274a
3 changed files with 15 additions and 31 deletions
--- a/3
+++ b/3
@ -24495,3 +24495,6 @@
 	if ALSA support was not enabled.
 2023-11-21 Fred Gleason <fredg@paravelsystems.com>
 	* Incremented the package version to 4.1.2.
 2025-01-23 Fred Gleason <fredg@paravelsystems.com>
 	* Fixed a bug in 'RDPam' that could cause a segfault when processing
 	an authentication.
--- a/lib/rdpam.cpp
+++ b/lib/rdpam.cpp
@ -2,7 +2,7 @@
 //
 // Authenticate a PAM name.
 //
-//   (C) Copyright 2010-2019 Fred Gleason <fredg@paravelsystems.com>
+//   (C) Copyright 2010-2025 Fred Gleason <fredg@paravelsystems.com>
 //
 //   This program is free software; you can redistribute it and/or modify
 //   it under the terms of the GNU General Public License version 2 as
@ -36,19 +36,17 @@ int RDPamCallback(int num_msg, const struct pam_message **msg,
 		struct pam_response **resp, void *appdata_ptr)
 {
  RDPam *pam=(RDPam *)appdata_ptr;
-
+  int ret=PAM_SUCCESS;
-  pam->CleanupPam();
+  
-  *resp=new struct pam_response[num_msg];
+  *resp=(struct pam_response *)malloc(sizeof(struct pam_response)*num_msg);
  memset(*resp,0,sizeof(struct pam_response)*num_msg);
  for(int i=0;i<num_msg;i++) {
-    resp[i]->resp=new char[256];
+    resp[i]->resp=(char *)malloc(256);
    memset(resp[i]->resp,0,256);
    switch(msg[i]->msg_style) {
    case PAM_PROMPT_ECHO_OFF:
      strncpy(resp[i]->resp,pam->system_token.toUtf8(),255);
      break;
    case PAM_PROMPT_ECHO_ON:
-      rda->syslog(LOG_WARNING,"unhandled PAM request: %s",msg[i]->msg);
+      strncpy(resp[i]->resp,pam->system_token.toUtf8(),255);
      break;
    case PAM_ERROR_MSG:
@ -57,14 +55,12 @@ int RDPamCallback(int num_msg, const struct pam_message **msg,
      break;
    }
  }
-  return 0;
+  return ret;
 }
 RDPam::RDPam(const QString &pam_service)
 {
  system_pam_response=NULL;
  system_pam_response_count=0;
  system_pam_service=pam_service;
 }
@ -82,30 +78,14 @@ bool RDPam::authenticate(const QString &username,const QString &token)
  if((err=pam_start(system_pam_service.toUtf8(),username.toUtf8(),&conv,&pamh))!=PAM_SUCCESS) {
    rda->syslog(LOG_WARNING,"PAM error [%s]",pam_strerror(pamh,err));
    pam_end(pamh,err);
    CleanupPam();
    return false;
  }
  if((err=pam_authenticate(pamh,0))!=PAM_SUCCESS) {
    rda->syslog(LOG_WARNING,"PAM authentication failed [%s]",
 		pam_strerror(pamh,err));
    pam_end(pamh,err);
    CleanupPam();
    return false;
  }
  pam_end(pamh,err);
  CleanupPam();
  return true;
 }
 void RDPam::CleanupPam()
 {
  if(system_pam_response==NULL) {
    return;
  }
  for(int i=0;i<system_pam_response_count;i++) {
    delete system_pam_response[i].resp;
  }
  delete system_pam_response;
  system_pam_response=NULL;
 }
--- a/lib/rdpam.h
+++ b/lib/rdpam.h
@ -30,11 +30,12 @@ class RDPam
  bool authenticate(const QString &username,const QString &token);
 private:
-  void CleanupPam();
+  //  void CleanupPam();
  QString system_pam_service;
  QString system_token;
-  struct pam_response *system_pam_response;
+  //  struct pam_response *system_pam_response;
-  int system_pam_response_count;
+  //  int system_pam_response_count;
  //  int cleanup_pass;
  friend int RDPamCallback(int num_msg, const struct pam_message **msg,
 			   struct pam_response **resp, void *appdata_ptr);
 };