From 2faf73eef14d66aeb345ffa38d0f53670fa8a9a1 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 20 May 2010 10:12:47 +0200 Subject: Copy pam data from DBus message Instead of just using references to the pam data inside of the DBus message the data is copied. New the DBus message can be freed at any time and the pam data is part of the memory hierarchy. Additionally it is possible to overwrite the authentication tokens in the DBus message, because it is not used elsewhere. --- src/providers/data_provider_be.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'src/providers/data_provider_be.c') diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 27a4571a..f952faba 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -672,10 +672,13 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) be_req->fn = be_pam_handler_callback; be_req->pvt = reply; - pd = talloc_zero(be_req, struct pam_data); - if (!pd) { + dbus_error_init(&dbus_error); + + ret = dp_unpack_pam_request(message, be_req, &pd, &dbus_error); + if (!ret) { + DEBUG(1,("Failed, to parse message!\n")); talloc_free(be_req); - return ENOMEM; + return EIO; } pd->pam_status = PAM_SYSTEM_ERR; @@ -685,14 +688,6 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) return ENOMEM; } - dbus_error_init(&dbus_error); - - ret = dp_unpack_pam_request(message, pd, &dbus_error); - if (!ret) { - DEBUG(1,("Failed, to parse message!\n")); - talloc_free(be_req); - return EIO; - } DEBUG(4, ("Got request with the following data\n")); DEBUG_PAM_DATA(4, pd); -- cgit