Track tainted data and refuse to expand it

[exim.git] / src / src / auths / call_pam.c

diff --git a/src/src/auths/call_pam.c b/src/src/auths/call_pam.c
index b4677ec5ae8984ec80e436d904d20af940d1bc4e..9a46b6b63c45c2156cb5c6b2df0ba5738d652a4e 100644 (file)
--- a/src/src/auths/call_pam.c
+++ b/src/src/auths/call_pam.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 #include "../exim.h"
@@ -66,17 +66,14 @@ static int
 pam_converse (int num_msg, PAM_CONVERSE_ARG2_TYPE **msg,
   struct pam_response **resp, void *appdata_ptr)
 {
-int i;
 int sep = 0;
 struct pam_response *reply;
 
 if (pam_arg_ended) return PAM_CONV_ERR;
 
-reply = malloc(sizeof(struct pam_response) * num_msg);
+reply = store_get(sizeof(struct pam_response) * num_msg, FALSE);
 
-if (reply == NULL) return PAM_CONV_ERR;
-
-for (i = 0; i < num_msg; i++)
+for (int i = 0; i < num_msg; i++)
   {
   uschar *arg;
   switch (msg[i]->msg_style)
@@ -89,7 +86,7 @@ for (i = 0; i < num_msg; i++)
       arg = US"";
       pam_arg_ended = TRUE;
       }
-    reply[i].resp = CS string_copy_malloc(arg); /* PAM frees resp */
+    reply[i].resp = CS string_copy_perm(arg, FALSE); /* PAM frees resp */
     reply[i].resp_retcode = PAM_SUCCESS;
     break;
 
@@ -100,7 +97,6 @@ for (i = 0; i < num_msg; i++)
     break;
 
     default:  /* Must be an error of some sort... */
-    free (reply);
     pam_conv_had_error = TRUE;
     return PAM_CONV_ERR;
     }
@@ -189,7 +185,7 @@ if (pam_error == PAM_SUCCESS)
   return OK;
   }
 
-*errptr = (uschar *)pam_strerror(pamh, pam_error);
+*errptr = US pam_strerror(pamh, pam_error);
 DEBUG(D_auth) debug_printf("PAM error: %s\n", *errptr);
 
 if (pam_error == PAM_USER_UNKNOWN ||