TOCTOU and NULL_RETURNS
Brought to you by:
soupboy
Coverity scan on pam_ssh_agent_auth
package reported two minor bugs, that should be fixed.
First of them is NULL_RETURNS: secure_filename.c:163:4: deref_parm: Directly dereferencing parameter "pw"
. There is no check for return value of getpwuid()
from pam_user_authorized_keys.c
so the pw
argument might contain NULL and the dereferencing without check is not good idea.
Second of them is TOCTOU: pam_user_key_allowed2.c:271: toctou: Calling function "execl" that uses "authorized_keys_command" after a check function. This can cause a time-of-check, time-of-use race condition.
. It should be handled according to Secure Coding standards.
Let me know if you need more details, or want me to propose some patches.
Proposing patch for the first issue:
getpwuid
can return NULL and the return value should be properly checked before de-referencing.