Closed mehlert closed 7 months ago
I've just updated the memcpy()
. There's no need to malloc()
extra memory.
The proposed patch also doesn't free()
the memory, which would result in leaks. Some applications like FreeRADIUS can call PAM libraries repeatedly. So we don't want to leak memory over time.
This line memcpy(&resp_msg.msg, message, sizeof(resp_msg.msg));
is really a complicated hack for casting 'cons char' to 'char'.
And it is causing various faults in PAM apps, like this one: sshd-mfa[203808] general protection fault ip:7ff15c4bef3d sp:7ffd94cc5da8 error:0 in libc.so.6
Actually it should be: memcpy(&resp_msg.msg, &message, sizeof(resp_msg.msg));
Better way seems to be to copy the string into a char typed memory.