+2011-03-18 Tomas Mraz <tm@t8m.info>
+
+ * modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx.
+ * modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly.
+ (protect_dir): Guard for -1 passing to close().
+ (ns_setup): Likewise.
+ (pam_sm_open_session): Correctly test for SELinux enabled flag.
+
2011-03-17 Tomas Mraz <tm@t8m.info>
* modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type.
{
int argc = 0, max_argc = 0;
char **argv, **new_argv, *buf, ch;
- const char *cp = 0;
- char *outcp = 0;
+ const char *cp = NULL;
+ char *outcp = NULL;
int state = STATE_WHITESPACE;
buf = malloc(strlen(in_buf)+1);
if (!buf)
return -1;
- max_argc = 0; argc = 0; argv = 0;
+ argv = NULL;
outcp = buf;
for (cp = in_buf; (ch = *cp); cp++) {
if (state == STATE_WHITESPACE) {
}
if (state != STATE_WHITESPACE)
*outcp++ = '\0';
- if (argv == 0) {
- argv = malloc(sizeof(char *));
+ if (ret_argv) {
+ if (argv == NULL) {
+ free(buf);
+ if ((argv=malloc(sizeof(char *))) == NULL)
+ return -1;
+ }
+ argv[argc] = NULL;
+ *ret_argv = argv;
+ } else {
free(buf);
+ free(argv);
}
- argv[argc] = 0;
if (ret_argc)
*ret_argc = argc;
- if (ret_argv)
- *ret_argv = argv;
return 0;
}
void argv_free(char **argv)
{
- if (*argv)
- free(*argv);
- free(argv);
+ if (argv) {
+ if (*argv)
+ free(*argv);
+ free(argv);
+ }
}
#ifdef DEBUG_ARGV_PARSE
MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
byteReverse((unsigned char *) ctx->buf, 4);
memcpy(digest, ctx->buf, 16);
- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
+ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
}
/* The four core functions - F1 is optimized somewhat */
static void del_polydir(struct polydir_s *poly)
{
- free(poly->uid);
- free(poly->init_script);
- free(poly);
+ if (poly) {
+ free(poly->uid);
+ free(poly->init_script);
+ free(poly);
+ }
}
/*
error:
save_errno = errno;
free(p);
- if (dfd != AT_FDCWD)
+ if (dfd != AT_FDCWD && dfd >= 0)
close(dfd);
errno = save_errno;
return PAM_SESSION_ERR;
}
- if (retval < 0 && (polyptr->flags & POLYDIR_CREATE)) {
- if (create_polydir(polyptr, idata) != PAM_SUCCESS)
+ if (retval < 0) {
+ if ((polyptr->flags & POLYDIR_CREATE) &&
+ create_polydir(polyptr, idata) != PAM_SUCCESS)
return PAM_SESSION_ERR;
} else {
close(retval);
if (strcmp(argv[i], "unmnt_only") == 0)
unmnt = UNMNT_ONLY;
if (strcmp(argv[i], "require_selinux") == 0) {
- if (~(idata.flags & PAMNS_SELINUX_ENABLED)) {
+ if (!(idata.flags & PAMNS_SELINUX_ENABLED)) {
pam_syslog(idata.pamh, LOG_ERR,
"selinux_required option given and selinux is disabled");
return PAM_SESSION_ERR;