Medium: get_userid() Memory Management Issues #5
Description
Priority: MEDIUM
File: Src/checkX.c
Function: get_userid()
Discovered: During security pattern testing with test_checkx_security_patterns.c
Description: Multiple memory management and buffer safety issues in get_userid() function.
Reproduction Steps:
- Call
get_userid(NULL)- function allocates 12 bytes with malloc() - Function doesn't provide clear ownership of allocated memory
- Call
get_userid()with small buffer causes strcpy() without bounds checking - Multiple calls create potential memory leaks without clear free() responsibility
Impact: Memory leaks during normal operation, potential buffer overflow from strcpy() without bounds checking.
Proposed Fix: Implement comprehensive memory safety:
char* get_userid(char *outname) {
struct passwd *pwtemp = NULL;
if ((pwtemp = getpwuid(getuid())) == NULL) {
if (outname != NULL) {
/* Use safe string copy with bounds checking */
outname[0] = '\0';
}
return NULL;
}
if (outname == NULL) {
/* Clear documentation: caller must free() */
if ((outname = malloc(strlen(pwtemp->pw_name) + 1)) == NULL) {
fprintf(stderr, "Memory allocation failure\n");
return NULL;
}
}
/* Use safe string copy */
strncpy(outname, pwtemp->pw_name, 11);
outname[11] = '\0'; /* Ensure null termination */
return outname;
}Original Bug ID: BUG-005