pam_rootok: close the audit socket on error path - pam.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Iker Pedrosa <ipedrosa@redhat.com>	2024-05-22 11:20:02 +0200
committer	Dmitry V. Levin <ldv@strace.io>	2024-05-23 10:25:09 +0000
commit	d00f6cb366b492de455f9b72fcbd2e49abf323e0 (patch)
tree	f919995346a5b04f8f1b47ebe9ec2a7f244a76b7 /modules/pam_timestamp
parent	5eccaf9b3488d3f6da800281363697e4e4834e77 (diff)
download	pam-d00f6cb366b492de455f9b72fcbd2e49abf323e0.tar.gz pam-d00f6cb366b492de455f9b72fcbd2e49abf323e0.tar.bz2 pam-d00f6cb366b492de455f9b72fcbd2e49abf323e0.zip

pam_rootok: close the audit socket on error path

* modules/pam_rootok/pam_rootok.c (log_callback): Close the audit socket if vasprintf returned an error. ``` Error: RESOURCE_LEAK (CWE-772): Linux-PAM-1.6.0/modules/pam_rootok/pam_rootok.c:59: open_fn: Returning handle opened by "audit_open". Linux-PAM-1.6.0/modules/pam_rootok/pam_rootok.c:59: var_assign: Assigning: "audit_fd" = handle returned from "audit_open()". Linux-PAM-1.6.0/modules/pam_rootok/pam_rootok.c:69: leaked_handle: Handle variable "audit_fd" going out of scope leaks the handle. 67| va_end(ap); 68| if (ret < 0) { 69|-> return 0; 70| } 71| audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, ``` Resolves: https://issues.redhat.com/browse/RHEL-36475 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Diffstat (limited to 'modules/pam_timestamp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: