Bad memory leak with OpenDirectory and pwd/grp.h code

2024-11-07 18:08:53 +00:00 · 2014-10-22 23:49:16 -07:00 · 2014-10-22 23:49:16 -07:00 · f69913938f
commit f69913938f
parent 84208f1ffc
2 changed files with 59 additions and 2 deletions
--- a/osquery/tables/system/darwin/groups.mm
+++ b/osquery/tables/system/darwin/groups.mm
@ -21,6 +21,7 @@ namespace tables {
 QueryData genGroups() {
  QueryData results;

+  /*
  ODSession *s = [ODSession defaultSession];
  NSError *err;
  ODNode *root = [ODNode nodeWithSession:s name:@"/Local/Default" error:&err];
@ -49,6 +50,27 @@ QueryData genGroups() {
      results.push_back(r);
    }
  }
+  */
+  std::string content;
+  Status s = readFile("/etc/group", content);
+
+  if (!s.ok()) {
+    LOG(ERROR) << "Error reading /etc/group: " << s.toString();
+  }
+
+  for (const auto& line : split(content, "\n")) {
+    auto user_bits = split(line, ":");
+    if (user_bits.size() != 3) {
+      continue;
+    }
+
+    Row r;
+
+    r["name"] = user_bits[0];
+    r["gid"] = user_bits[2];
+
+    results.push_back(r);
+  }

  return results;
 }
--- a/osquery/tables/system/darwin/users.mm
+++ b/osquery/tables/system/darwin/users.mm
@ -21,9 +21,13 @@ namespace tables {
 QueryData genUsers() {
  QueryData results;

-  ODSession *s = [ODSession defaultSession];
+
+  /*
+  // OpenDirectory should be used but this leaks a huge amount of memory
+
+  ODSession *session = [ODSession defaultSession];
  NSError *err;
-  ODNode *root = [ODNode nodeWithSession:s name:@"/Local/Default" error:&err];
+  ODNode *root = [ODNode nodeWithSession:session name:@"/Local/Default" error:&err];
  if (err) {
    LOG(ERROR) << "Error with OD node: " << std::string([[err localizedDescription] UTF8String]);
    return results;
@ -33,11 +37,13 @@ QueryData genUsers() {
    LOG(ERROR) << "Error with OD query: " << std::string([[err localizedDescription] UTF8String]);
    return results;
  }
+
  NSArray *od_results = [q resultsAllowingPartial:NO error:&err];
  if (err) {
    LOG(ERROR) << "Error with OD results: " << std::string([[err localizedDescription] UTF8String]);
    return results;
  }
+
  for (ODRecord *re in od_results) {
    Row r;
    r["username"] = std::string([[re recordName] UTF8String]);
@ -52,6 +58,35 @@ QueryData genUsers() {
      results.push_back(r);
    }
  }
+  */
+
+  // For single-user mode the following is used:
+
+  std::string content;
+  Status ss = readFile("/etc/master.passwd", content);
+
+  if (!ss.ok()) {
+    LOG(ERROR) << "Error reading /etc/passwd: " << ss.toString();
+  }
+
+  std::string line;
+  for (const auto& line : split(content, "\n")) {
+    auto user_bits = split(line, ":");
+    if (user_bits.size() != 7) {
+      continue;
+    }
+
+    Row r;
+
+    r["username"] = user_bits[0];
+    r["uid"] = user_bits[2];
+    r["gid"] = user_bits[3];
+    r["description"] = user_bits[4];
+    r["directory"] = user_bits[5];
+    r["shell"] = user_bits[6];
+
+    results.push_back(r);
+  }

  return results;
 }