From 6834e0dd1dcae917caa464d1fe124c2f6c6116f4 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Fri, 15 Dec 2023 10:13:23 +0100
Subject: pam_xauth: check strdup return value

Treat NULL as error just as if cookiefile is constructed manually.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 modules/pam_xauth/pam_xauth.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'modules/pam_xauth')

diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index d5e99c9f..ed86130e 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -501,6 +501,10 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 	/* Figure out where the source user's .Xauthority file is. */
 	if (getenv(XAUTHENV) != NULL) {
 		cookiefile = strdup(getenv(XAUTHENV));
+		if (cookiefile == NULL) {
+			retval = PAM_SESSION_ERR;
+			goto cleanup;
+		}
 	} else {
 		cookiefile = malloc(strlen(rpwd->pw_dir) + 1 +
 				    strlen(XAUTHDEF) + 1);
-- 
cgit v1.2.3