From d00f6cb366b492de455f9b72fcbd2e49abf323e0 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Wed, 22 May 2024 11:20:02 +0200
Subject: pam_rootok: close the audit socket on error path

* modules/pam_rootok/pam_rootok.c (log_callback): Close the audit socket
if vasprintf returned an error.

```
Error: RESOURCE_LEAK (CWE-772):
Linux-PAM-1.6.0/modules/pam_rootok/pam_rootok.c:59: open_fn: Returning handle opened by "audit_open".
Linux-PAM-1.6.0/modules/pam_rootok/pam_rootok.c:59: var_assign: Assigning: "audit_fd" = handle returned from "audit_open()".
Linux-PAM-1.6.0/modules/pam_rootok/pam_rootok.c:69: leaked_handle: Handle variable "audit_fd" going out of scope leaks the handle.
67|           va_end(ap);
68|           if (ret < 0) {
69|->                 return 0;
70|           }
71|           audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
```

Resolves: https://issues.redhat.com/browse/RHEL-36475
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
 modules/pam_rootok/pam_rootok.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules/pam_rootok')

diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
index 6d2dfa07..1b88fb19 100644
--- a/modules/pam_rootok/pam_rootok.c
+++ b/modules/pam_rootok/pam_rootok.c
@@ -66,6 +66,7 @@ log_callback (int type UNUSED, const char *fmt, ...)
 	ret = vasprintf (&buf, fmt, ap);
 	va_end(ap);
 	if (ret < 0) {
+		audit_close(audit_fd);
 		return 0;
 	}
 	audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
-- 
cgit v1.2.3