Fix some static analysis bugs
A quick scan with infer, a static analysis package.
https://fbinfer.com/docs/getting-started.html
Revealed a couple of legitimate bugs. I'm attaching the people on the
blame result to this review so they can look over the change. These are
unlikely to be exploitable in practice, but we should fix them anyway,
to clean up the analysis results.
Tested By:
Code still compiles, changes should be no-op.
Change-Id: I615dad6eb86fa2ea1709e2e2b009d07036d5f8de
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
diff --git a/include/pam_authenticate.hpp b/include/pam_authenticate.hpp
index 643c804..7f2a33c 100644
--- a/include/pam_authenticate.hpp
+++ b/include/pam_authenticate.hpp
@@ -14,13 +14,24 @@
{
return PAM_AUTH_ERR;
}
- auto* pass = reinterpret_cast<char*>(
- malloc(std::strlen(reinterpret_cast<char*>(appdataPtr)) + 1));
- std::strcpy(pass, reinterpret_cast<char*>(appdataPtr));
+ char* appPass = reinterpret_cast<char*>(appdataPtr);
+ size_t appPassSize = std::strlen(appPass);
+ char* pass = reinterpret_cast<char*>(malloc(appPassSize + 1));
+ if (!pass)
+ {
+ return PAM_AUTH_ERR;
+ }
+
+ std::strcpy(pass, appPass);
*resp = reinterpret_cast<pam_response*>(
calloc(numMsg, sizeof(struct pam_response)));
+ if (resp == NULL)
+ {
+ return PAM_AUTH_ERR;
+ }
+
for (int i = 0; i < numMsg; ++i)
{
/* Ignore all PAM messages except prompting for hidden input */