Relevant BUGIDs:

author Tomas Mraz <tm@t8m.info>

Thu, 11 Nov 2010 16:15:52 +0000 (16:15 +0000)

committer Tomas Mraz <tm@t8m.info>

Thu, 11 Nov 2010 16:15:52 +0000 (16:15 +0000)
author Tomas Mraz <tm@t8m.info>
Thu, 11 Nov 2010 16:15:52 +0000 (16:15 +0000)
committer Tomas Mraz <tm@t8m.info>
Thu, 11 Nov 2010 16:15:52 +0000 (16:15 +0000)
diff --git a/ChangeLog b/ChangeLog

index 247a4f146561cdd4b4534af503f6f0029db75d61..9a7baef57dccbd95d189f371670d679bce5853d8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2010-11-11  Tomas Mraz  <tm@t8m.info>
+
+       * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix
+       potential use after free in case SELinux is misconfigured.
+
+       * modules/pam_namespace/pam_namespace.c (process_line): Fix memory
+       leak when parsing empty config file lines.
+
  2010-10-28  Thorsten Kukuk  <kukuk@thkukuk.de>
  
         * release version 1.1.3
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c

index a13f9599e26822a8d819b53542be7cf58e6a851a..baa7f85ab2150d20ba1bb695fb5df5c93542b138 100644 (file)
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -307,10 +307,6 @@ static int process_line(char *line, const char *home, const char *rhome,
      const char *rvar_values[] = {rhome, idata->ruser};
      int len;
  
-    poly = calloc(1, sizeof(*poly));
-    if (poly == NULL)
-       goto erralloc;
-
      /*
       * skip the leading white space
       */
@@ -337,6 +333,10 @@ static int process_line(char *line, const char *home, const char *rhome,
      if (line[0] == 0)
          return 0;
  
+    poly = calloc(1, sizeof(*poly));
+    if (poly == NULL)
+       goto erralloc;
+
      /*
       * Initialize and scan the five strings from the line from the
       * namespace configuration file.
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c

index 64fabafdda55652d32c4a0cb55bd8d7999283b4a..c31278e9839aacc3559a955059fcb9f4681bab15 100644 (file)
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -642,10 +642,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
           if (debug)
                   pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
                               username, seuser, level);
-         free(seuser);
           free(level);
    }
    if (num_contexts > 0) {
+    free(seuser);
      default_user_context=strdup(contextlist[0]);
      freeconary(contextlist);
      if (default_user_context == NULL) {
@@ -672,7 +672,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
      }
    }
    else { 
-      user_context = manual_context(pamh,seuser,debug);
+      if (seuser != NULL) {
+       user_context = manual_context(pamh,seuser,debug);
+       free(seuser);
+      }
        if (user_context == NULL) {
         pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
                     username);
author	Tomas Mraz <tm@t8m.info>
	Thu, 11 Nov 2010 16:15:52 +0000 (16:15 +0000)
committer	Tomas Mraz <tm@t8m.info>
	Thu, 11 Nov 2010 16:15:52 +0000 (16:15 +0000)
ChangeLog		patch \| blob \| history
modules/pam_namespace/pam_namespace.c		patch \| blob \| history
modules/pam_selinux/pam_selinux.c		patch \| blob \| history