pam_namespace: free SELinux context

* modules/pam_namespace/pam_namespace.c [WITH_SELINUX] (form_context): Free SELinux context before returning. ``` Error: RESOURCE_LEAK (CWE-772): Linux-PAM-1.6.0/modules/pam_namespace/pam_namespace.c:928: alloc_arg: "getexeccon" allocates memory that is stored into "scon". Linux-PAM-1.6.0/modules/pam_namespace/pam_namespace.c:1004: leaked_storage: Variable "scon" going out of scope leaks the storage it points to. 1002| } 1003| /* Should never get here */ 1004|-> return PAM_SUCCESS; 1005| } 1006| #endif ``` Resolves: https://issues.redhat.com/browse/RHEL-36475 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
author: Iker Pedrosa <ipedrosa@redhat.com> 2024-05-22 12:25:34 +0200
committer: Dmitry V. Levin <ldv@strace.io> 2024-05-23 10:25:09 +0000
commit: 667204d7e3e4a0341c529f7566d62dd64dd80866 (patch)
tree: d235c3be8cedcc42987ee367c0c35b211b586ce1 /modules
parent: 1ca5bfed50bd9f6c2f1e3e36c2df3253923dadf6 (diff)
download: pam-667204d7e3e4a0341c529f7566d62dd64dd80866.tar.gz
pam-667204d7e3e4a0341c529f7566d62dd64dd80866.tar.bz2
pam-667204d7e3e4a0341c529f7566d62dd64dd80866.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index e499d95a..781dac20 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -1003,6 +1003,7 @@ static int form_context(const struct polydir_s *polyptr,
 		return rc;
 	}
 	/* Should never get here */
+	freecon(scon);
 	return PAM_SUCCESS;
 }
 #endif
author	Iker Pedrosa <ipedrosa@redhat.com>	2024-05-22 12:25:34 +0200
committer	Dmitry V. Levin <ldv@strace.io>	2024-05-23 10:25:09 +0000
commit	667204d7e3e4a0341c529f7566d62dd64dd80866 (patch)
tree	d235c3be8cedcc42987ee367c0c35b211b586ce1 /modules
parent	1ca5bfed50bd9f6c2f1e3e36c2df3253923dadf6 (diff)
download	pam-667204d7e3e4a0341c529f7566d62dd64dd80866.tar.gz pam-667204d7e3e4a0341c529f7566d62dd64dd80866.tar.bz2 pam-667204d7e3e4a0341c529f7566d62dd64dd80866.zip