Fix pointer bug and char type in rad_converse()

FreeRADIUS / pam_radius

This is the PAM to RADIUS authentication module. It allows any Linux, OSX or Solaris machine to become a RADIUS client for authentication and password change requests.

GNU General Public License v2.0

102 stars 90 forks source link

Fix pointer bug and char type in rad_converse() #85

Closed mehlert closed 7 months ago

mehlert commented 7 months ago

This line memcpy(&resp_msg.msg, message, sizeof(resp_msg.msg));

is really a complicated hack for casting 'cons char' to 'char'.

And it is causing various faults in PAM apps, like this one: sshd-mfa[203808] general protection fault ip:7ff15c4bef3d sp:7ffd94cc5da8 error:0 in libc.so.6

Actually it should be: memcpy(&resp_msg.msg, &message, sizeof(resp_msg.msg));

Better way seems to be to copy the string into a char typed memory.

alandekok commented 7 months ago

I've just updated the memcpy(). There's no need to malloc() extra memory.

The proposed patch also doesn't free() the memory, which would result in leaks. Some applications like FreeRADIUS can call PAM libraries repeatedly. So we don't want to leak memory over time.