From: Dmitry V. Levin <ldv@altlinux.org>
Date: Fri, 24 Jan 2014 13:38:38 +0000 (+0000)
Subject: pam_xauth: avoid potential SIGPIPE when writing to xauth process
X-Git-Tag: Linux-PAM-1_2_0~50
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=47db675c910a065fa9602753a904b050b0322f29;p=linux-pam

pam_xauth: avoid potential SIGPIPE when writing to xauth process

Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8.

* modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process,
close the read end of input pipe after writing to its write end.
---

diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 70755475..c7ce55ab 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -179,12 +179,12 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output,
 	}
 
 	/* We're the parent, so close the other ends of the pipes. */
-	close(ipipe[0]);
 	close(opipe[1]);
 	/* Send input to the process (if we have any), then send an EOF. */
 	if (input) {
 		(void)pam_modutil_write(ipipe[1], input, strlen(input));
 	}
+	close(ipipe[0]); /* close here to avoid possible SIGPIPE above */
 	close(ipipe[1]);
 
 	/* Read data output until we run out of stuff to read. */