pam_namespace: fix double-free on parse error in namespace.conf

If a line in namespace.conf only consists of one field then the error handling logic in process_line() ends up in a double-free, resulting in a process abort in libc. It looks like instead of NULLing the `dir` variable, the `instance_prefix` is NULLed, without purpose. Fix this.
author: Matthias Gerstner <matthias.gerstner@suse.de> 2023-12-27 13:29:26 +0100
committer: Dmitry V. Levin <ldv@strace.io> 2024-01-03 10:50:38 +0000
commit: c3d2861800f9af0723e18609ae9852951453d65c (patch)
tree: 41f0b834c998179109a52f314ee01eed1c74107f /modules/pam_namespace/pam_namespace.c
parent: 515546d1117ab89a3597176689273ce7734a77d3 (diff)
download: pam-c3d2861800f9af0723e18609ae9852951453d65c.tar.gz
pam-c3d2861800f9af0723e18609ae9852951453d65c.tar.bz2
pam-c3d2861800f9af0723e18609ae9852951453d65c.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index 1c42b0f4..b7cdcfa4 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -529,7 +529,7 @@ static int process_line(char *line, const char *home, const char *rhome,
     instance_prefix = config_options[1];
     if (instance_prefix == NULL) {
         pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing instance_prefix");
-        instance_prefix = NULL;
+        dir = NULL;
         goto skipping;
     }
     method = config_options[2];
author	Matthias Gerstner <matthias.gerstner@suse.de>	2023-12-27 13:29:26 +0100
committer	Dmitry V. Levin <ldv@strace.io>	2024-01-03 10:50:38 +0000
commit	c3d2861800f9af0723e18609ae9852951453d65c (patch)
tree	41f0b834c998179109a52f314ee01eed1c74107f /modules/pam_namespace/pam_namespace.c
parent	515546d1117ab89a3597176689273ce7734a77d3 (diff)
download	pam-c3d2861800f9af0723e18609ae9852951453d65c.tar.gz pam-c3d2861800f9af0723e18609ae9852951453d65c.tar.bz2 pam-c3d2861800f9af0723e18609ae9852951453d65c.zip