diff options
| author | Dmitry V. Levin <ldv@strace.io> | 2024-09-11 08:00:00 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-09-13 08:00:00 +0000 |
| commit | 2d6f1998dd770f5338b046ce4b105fedfadec59a (patch) | |
| tree | 2a84ada5cfb9ba6397d63c7b1a11c3d621fe8d11 | |
| parent | 63ba6e4aa17761461fbddf71af7cb154f1e5b9ae (diff) | |
| download | pam-2d6f1998dd770f5338b046ce4b105fedfadec59a.tar.gz pam-2d6f1998dd770f5338b046ce4b105fedfadec59a.tar.bz2 pam-2d6f1998dd770f5338b046ce4b105fedfadec59a.zip | |
pam_filter: fix potential fd leak on error path
Resolves: https://github.com/linux-pam/linux-pam/issues/829
| -rw-r--r-- | modules/pam_filter/pam_filter.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index ed315b13..3b0913dd 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -322,18 +322,21 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if (setsid() == -1) { pam_syslog(pamh, LOG_ERR, "child cannot become new session: %m"); + close(fd[0]); return PAM_ABORT; } /* grant slave terminal */ if (grantpt (fd[0]) < 0) { pam_syslog(pamh, LOG_ERR, "Cannot grant access to slave terminal"); + close(fd[0]); return PAM_ABORT; } /* unlock slave terminal */ if (unlockpt (fd[0]) < 0) { pam_syslog(pamh, LOG_ERR, "Cannot unlock slave terminal"); + close(fd[0]); return PAM_ABORT; } @@ -343,6 +346,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, if (terminal == NULL) { pam_syslog(pamh, LOG_ERR, "Cannot get the name of the slave terminal: %m"); + close(fd[0]); return PAM_ABORT; } @@ -381,6 +385,10 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, return PAM_ABORT; } + /* now the user input is read from the parent/filter: forget fd */ + + close(fd[1]); + /* make sure that file descriptors survive 'exec's */ if ( fcntl(STDIN_FILENO, F_SETFD, 0) || @@ -391,10 +399,6 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, return PAM_ABORT; } - /* now the user input is read from the parent/filter: forget fd */ - - close(fd[1]); - /* the current process is now apparently working with filtered stdio/stdout/stderr --- success! */ |