../../libshouldbeinlibc/ugids-verify-auth.c

Bug Summary

File:	obj-scan-build/libshouldbeinlibc/../../libshouldbeinlibc/ugids-verify-auth.c
Location:	line 189, column 10
Description:	Memory is never released; potential leak of memory pointed to by 'svma_state.auths'

Annotated Source Code

/* Verify user/group passwords and authenticate accordingly

Written by Miles Bader <miles@gnu.ai.mit.edu>

This file is part of the GNU Hurd.

The GNU Hurd is free software; you can redistribute it and/or

modify it under the terms of the GNU General Public License as

published by the Free Software Foundation; either version 2, or (at

your option) any later version.

The GNU Hurd is distributed in the hope that it will be useful, but

WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

General Public License for more details.

You should have received a copy of the GNU General Public License

along with this program; if not, write to the Free Software

Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. */

#include <stdlib.h>

#include <string.h>

#include <hurd.h>

#include <ctype.h>

#include <unistd.h>

#include <argp.h>

#include <pwd.h>

#include <grp.h>

#include <hurd/paths.h>

#include <hurd/password.h>

#include "ugids.h"

/* Accumulated information from authentication various passwords. */

struct svma_state

{

/* The password server. */

file_t server;

/* An auth port for each password that was verify by the server. */

auth_t *auths;

size_t num_auths;

};

/* Append the auth ports in AUTHS, of length NUM_AUTHS, to the auth port

vector in SS, returning 0 if successful, or an error. */

static error_t

svma_state_add_auths (struct svma_state *ss,

const auth_t *auths, size_t num_auths)

{

auth_t *new = realloc (ss->auths,

←

Memory is allocated

→

(ss->num_auths + num_auths) * sizeof (auth_t));

if (new)

←

Assuming 'new' is non-null

→

←

Taking true branch

→

{

ss->auths = new;

while (num_auths--)

←

Loop condition is true. Entering loop body

→

←

Loop condition is false. Execution continues on line 59

→

ss->auths[ss->num_auths++] = *auths++;

return 0;

}

else

return ENOMEM((0x10 << 26) | ((12) & 0x3fff));

}

/* Get authentication from PASSWORD using the hurd password server. */

static error_t

server_verify_make_auth (const char *password,

uid_t id, int is_group,

void *pwd_or_grp, void *hook)

{

auth_t auth;

struct svma_state *svma_state = hook;

error_t (*check) (io_t server, uid_t id, const char *passwd, auth_t *auth) =

is_group ? password_check_group : password_check_user;

error_t err = (*check) (svma_state->server, id, password, &auth);

if (! err)

/* PASSWORD checked out ok; the corresponding authentication is in AUTH. */

{

err = svma_state_add_auths (svma_state, &auth, 1);

if (err)

mach_port_deallocate (mach_task_self ()((__mach_task_self_ + 0)), auth);

}

return err;

}

/* Verify that we have the right to the ids in UGIDS, given that we already

possess those in HAVE_UIDS and HAVE_GIDS (asking for passwords where

necessary), and return corresponding authentication in AUTH; the auth

ports in FROM, of length NUM_FROM, are used to supplement the auth port of

the current process if necessary. 0 is returned if access should be

allowed, otherwise EINVAL if an incorrect password was entered, or an

error relating to resource failure. GETPASS_FN and GETPASS_HOOK are as

for the idvec_verify function in <idvec.h>. */

error_t

ugids_verify_make_auth (const struct ugids *ugids,

const struct idvec *have_uids,

const struct idvec *have_gids,

100

char *(*getpass_fn) (const char *prompt,

101

uid_t id, int is_group,

102

void *pwd_or_grp, void *hook),

103

void *getpass_hook,

104

const auth_t *from, size_t num_from,

105

auth_t *auth)

106

{

107

error_t err;

108

/* By default, get authentication from the password server. */

109

struct svma_state svma_state;

110

error_t (*verify_fn) (const char *password,

111

uid_t id, int is_group,

112

void *pwd_or_grp, void *hook)

113

= server_verify_make_auth;

114

void *verify_hook = &svma_state;

115

116

/* Try to open the hurd password server. */

117

svma_state.server = file_name_lookup (_SERVERS_PASSWORD"/servers/" "password", 0, 0);

118

119

if (svma_state.server == MACH_PORT_NULL((mach_port_t) 0))

Taking false branch

→

120

/* Can't open the password server, try to use our own authority in

121

the traditional unix manner. */

122

{

123

verify_fn = 0;

124

verify_hook = 0;

125

}

126

else

127

{

128

/* Must initialize list to empty so svma_state_add_auths works. */

129

svma_state.auths = NULL((void*)0);

130

svma_state.num_auths = 0;

131

}

132

133

/* Check passwords. */

134

err = ugids_verify (ugids, have_uids, have_gids,

135

getpass_fn, getpass_hook, verify_fn, verify_hook);

136

137

if (! err)

Assuming 'err' is 0

Taking true branch

138

{

139

/* The user apparently has access to all the ids, try to grant the

140

corresponding authentication. */

141

if (verify_fn)

←

Taking true branch

→

142

/* Merge the authentication we got from the password server into our

143

result. */

144

{

145

if (num_from > 0)

←

Assuming 'num_from' is > 0

→

←

Taking true branch

→

146

/* Use FROM as well as the passwords to get authentication. */

147

err = svma_state_add_auths (&svma_state, from, num_from);

←

Calling 'svma_state_add_auths'

→

←

Returned allocated memory

→

148

149

if (! err)

←

Taking true branch

→

150

{

151

auth_t cur_auth = getauth ();

152

153

err =

154

auth_makeauth (cur_auth,

155

svma_state.auths, MACH_MSG_TYPE_COPY_SEND19,

156

svma_state.num_auths,

157

ugids->eff_uids.ids, ugids->eff_uids.num,

158

ugids->avail_uids.ids, ugids->avail_uids.num,

159

ugids->eff_gids.ids, ugids->eff_gids.num,

160

ugids->avail_gids.ids, ugids->avail_gids.num,

161

auth);

162

mach_port_deallocate (mach_task_self ()((__mach_task_self_ + 0)), cur_auth);

163

164

/* Avoid deallocating FROM when we clean up SVMA_STATE. */

165

svma_state.num_auths -= num_from;

166

}

167

}

168

else

169

/* Try to authenticate the old fashioned way... */

170

err = ugids_make_auth (ugids, from, num_from, auth);

171

}

172

173

if (verify_fn)

←

Taking true branch

→

174

/* Clean up any left over state. */

175

{

176

unsigned int i;

177

178

/* Get rid of auth ports. */

179

for (i = 0; i < svma_state.num_auths; i++)

←

Loop condition is false. Execution continues on line 183

→

180

mach_port_deallocate (mach_task_self ()((__mach_task_self_ + 0)), svma_state.auths[i]);

181

182

/* Close password server. */

183

mach_port_deallocate (mach_task_self ()((__mach_task_self_ + 0)), svma_state.server);

184

185

if (svma_state.num_auths > 0)

←

Taking false branch

→

186

free (svma_state.auths);

187

}

188

189

return err;

←

Memory is never released; potential leak of memory pointed to by 'svma_state.auths'

190

}