From: Tomas Mraz Date: Fri, 16 Aug 2013 16:05:55 +0000 (+0200) Subject: Pull PAM environment variables also from session modules. X-Git-Tag: cronie1.4.12~17^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c8e7d1b43c86a85441cb09cf7e08090f3ec1f384;p=cronie Pull PAM environment variables also from session modules. - also fix memory leak of environment returned by pam_getenvlist() --- diff --git a/src/security.c b/src/security.c index c5fbc5e..4eee004 100644 --- a/src/security.c +++ b/src/security.c @@ -129,15 +129,13 @@ int cron_set_job_security_context(entry *e, user *u ATTRIBUTE_UNUSED, } #endif - *jobenv = build_env(e->envp); - #ifdef WITH_SELINUX /* we must get the crontab context BEFORE changing user, else * we'll not be permitted to read the cron spool directory :-) */ security_context_t ucontext = 0; - if (cron_get_job_range(u, &ucontext, *jobenv) < OK) { + if (cron_get_job_range(u, &ucontext, e->envp) < OK) { log_it(e->pwd->pw_name, getpid(), "ERROR", "failed to get SELinux context", 0); return -1; @@ -165,6 +163,8 @@ int cron_set_job_security_context(entry *e, user *u ATTRIBUTE_UNUSED, return -1; } + *jobenv = build_env(e->envp); + time_t job_run_time = time(0L); if ((minutely_time > 0) && ((job_run_time / 60) != (minutely_time / 60))) { @@ -615,11 +615,18 @@ int crontab_security_access(void) { */ static char **build_env(char **cronenv) { #ifdef WITH_PAM - char **jobenv; - char **pamenv = pam_getenvlist(pamh); + char **jobenv = pam_getenvlist(pamh); char *cronvar; int count = 0; - jobenv = env_copy(pamenv); + + if (jobenv == NULL) { + jobenv = env_init(); + if (jobenv == NULL) { + log_it("CRON", getpid(), + "ERROR", "Initialization of cron environment variables failed", 0); + return NULL; + } + } /* Now add the cron environment variables. Since env_set() * overwrites existing variables, this will let cron's