author | Tomas Mraz <tm@t8m.info> | 2010-11-11 16:15:52 +0000 |
---|---|---|
committer | Tomas Mraz <tm@t8m.info> | 2010-11-11 16:15:52 +0000 |
commit | 5c58f28cb4fa9965d5755b0eb1d0fcbd593b51ca (patch) | |
tree | 7f0720b9cbf658d49aef6a5653f2e94a14e87b1c /modules | |
parent | 46cdce51ed99e5b86c613fb19dafa973c219d255 (diff) | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2010-11-11 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix
potential use after free in case SELinux is misconfigured.
* modules/pam_namespace/pam_namespace.c (process_line): Fix memory
leak when parsing empty config file lines.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/pam_namespace/pam_namespace.c | 8 | ||||
-rw-r--r-- | modules/pam_selinux/pam_selinux.c | 7 |
2 files changed, 9 insertions, 6 deletions
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index a13f9599..baa7f85a 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -307,10 +307,6 @@ static int process_line(char *line, const char *home, const char *rhome,
 const char *rvar_values[] = {rhome, idata->ruser};
 int len;
- poly = calloc(1, sizeof(*poly));
- if (poly == NULL)
- goto erralloc;
-
 /*
 * skip the leading white space
 */
@@ -337,6 +333,10 @@ static int process_line(char *line, const char *home, const char *rhome,
 if (line[0] == 0) return 0;
+ poly = calloc(1, sizeof(*poly));
+ if (poly == NULL)
+ goto erralloc;
+
 /*
 * Initialize and scan the five strings from the line from the
 * namespace configuration file.
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 64fabafd..c31278e9 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -642,10 +642,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 if (debug) pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s", username, seuser, level);
- free(seuser);
 free(level);
 }
 if (num_contexts > 0) {
+ free(seuser);
 default_user_context=strdup(contextlist[0]);
 freeconary(contextlist);
 if (default_user_context == NULL) {
@@ -672,7 +672,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 }
 } else {
- user_context = manual_context(pamh,seuser,debug);
+ if (seuser != NULL) {
+ user_context = manual_context(pamh,seuser,debug);
+ free(seuser);
+ }
 if (user_context == NULL) {
 pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s", username); |
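Review bot: In the second pam_namespace.c hunk (process_line), the relocated `poly = calloc(1, sizeof(*poly));` carries no comment explaining why it must sit after the `if (line[0] == 0) return 0;` early return, so a later edit could move it back up and reintroduce the leak. I would put `/* allocate only once the line is known to be non-empty; the early return above does not free poly */` directly above it. The code between the old and the new allocation site is outside the hunk, so it is worth confirming that nothing in that stretch jumps to a cleanup label that touches `poly` before it is allocated. process_line starts and ends outside the hunk.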
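Review bot: In pam_sm_open_session (first pam_selinux.c hunk), the `free(seuser);` added inside `if (num_contexts > 0) {` leaves `seuser` pointing at freed memory for the rest of the function, and the same holds for the `free(seuser);` added in the `else` branch of the second hunk. Since the commit is fixing a use-after-free on exactly this pointer, I would follow each call with `seuser = NULL;` so that any later reference becomes a checkable NULL rather than a read of freed memory. `seuser` is now released on two separate paths while `level` is still freed where it was obtained; a one-line comment at `free(level);` saying that `seuser` stays owned until the context branches below would make that split visible. The function continues outside both hunks, so whether `seuser` is referenced again cannot be seen from here.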
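Review bot: When `seuser` is NULL, the new `if (seuser != NULL) { ... }` in the second pam_selinux.c hunk skips `manual_context()` and control reaches `if (user_context == NULL)` with whatever value `user_context` already held. The declaration and any earlier assignment of `user_context` are outside the hunk; if it is not guaranteed to be NULL at this point (for example because it persists across calls), the "Unable to get valid context" error path would be skipped and the session would proceed with a stale or indeterminate context. To keep the misconfigured case fail-closed, I would make it explicit with `else { user_context = NULL; }` after the new block (releasing any previous value first if it is owned), or at least add a comment stating that `user_context` is known to be NULL on entry to this branch.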