pam_xauth: avoid potential SIGPIPE when writing to xauth process

Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8.

* modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process,
close the read end of input pipe after writing to its write end.

diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 70755475985bc3c33c7f5aed2d4ed975f54900ad..c7ce55ab4056ccb3d3ce7ef6de33b78410d063d0 100644 (file)
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -179,12 +179,12 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output,
        }
 
        /* We're the parent, so close the other ends of the pipes. */
-       close(ipipe[0]);
        close(opipe[1]);
        /* Send input to the process (if we have any), then send an EOF. */
        if (input) {
                (void)pam_modutil_write(ipipe[1], input, strlen(input));
        }
+       close(ipipe[0]); /* close here to avoid possible SIGPIPE above */
        close(ipipe[1]);
 
        /* Read data output until we run out of stuff to read. */