pam: Fix "buffer overflow" in pam ZTS tests on F38
The pam ZTS tests were reporting a buffer overflow on F38, possibly due to F38 now setting _FORTIFY_SOURCE=3 by default. gdb and valgrind narrowed this down to a snprintf() buffer overflow in zfs_key_config_modify_session_counter(). I'm not clear why this particular snprintf() was being flagged as an overflow, but when I replaced it with an asprintf(), the test passed reliably. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tony Hutter <hutter2@llnl.gov> Closes #14802 Closes #14842
This commit is contained in:
parent
ecaf3ea3f2
commit
7c555fee9d
|
@ -548,16 +548,11 @@ zfs_key_config_modify_session_counter(pam_handle_t *pamh,
|
|||
errno);
|
||||
return (-1);
|
||||
}
|
||||
size_t runtime_path_len = strlen(runtime_path);
|
||||
size_t counter_path_len = runtime_path_len + 1 + 10;
|
||||
char *counter_path = malloc(counter_path_len + 1);
|
||||
if (!counter_path) {
|
||||
|
||||
char *counter_path;
|
||||
if (asprintf(&counter_path, "%s/%u", runtime_path, config->uid) == -1)
|
||||
return (-1);
|
||||
}
|
||||
counter_path[0] = 0;
|
||||
strcat(counter_path, runtime_path);
|
||||
snprintf(counter_path + runtime_path_len, counter_path_len, "/%d",
|
||||
config->uid);
|
||||
|
||||
const int fd = open(counter_path,
|
||||
O_RDWR | O_CLOEXEC | O_CREAT | O_NOFOLLOW,
|
||||
S_IRUSR | S_IWUSR);
|
||||
|
|
Loading…
Reference in New Issue