From f052833acfa231b68d024fef7637883d81400e42 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Fri, 18 Mar 2011 23:15:54 +0000
Subject: [PATCH] Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2011-03-18 Tomas Mraz
* modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx.
* modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly.
(protect_dir): Guard for -1 passing to close().
(ns_setup): Likewise.
(pam_sm_open_session): Correctly test for SELinux enabled flag.
---
 ChangeLog | 8 ++++++++
 modules/pam_namespace/argv_parse.c | 29 +++++++++++++++++----------
 modules/pam_namespace/md5.c | 2 +-
 modules/pam_namespace/pam_namespace.c | 17 +++++++++-------
 4 files changed, 37 insertions(+), 19 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f787b764..24318182 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2011-03-18 Tomas Mraz
+
+ * modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx.
+ * modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly.
+ (protect_dir): Guard for -1 passing to close().
+ (ns_setup): Likewise.
+ (pam_sm_open_session): Correctly test for SELinux enabled flag.
+
 2011-03-17 Tomas Mraz
 * modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type.
diff --git a/modules/pam_namespace/argv_parse.c b/modules/pam_namespace/argv_parse.c
index acc76d74..40510542 100644
--- a/modules/pam_namespace/argv_parse.c
+++ b/modules/pam_namespace/argv_parse.c
@@ -44,15 +44,15 @@ int argv_parse(const char *in_buf, int *ret_argc, char ***ret_argv)
 {
 int argc = 0, max_argc = 0;
 char **argv, **new_argv, *buf, ch;
- const char *cp = 0;
- char *outcp = 0;
+ const char *cp = NULL;
+ char *outcp = NULL;
 int state = STATE_WHITESPACE;
 buf = malloc(strlen(in_buf)+1);
 if (!buf)
 return -1;
- max_argc = 0; argc = 0; argv = 0;
+ argv = NULL;
 outcp = buf;
 for (cp = in_buf; (ch = *cp); cp++) {
 if (state == STATE_WHITESPACE) {
@@ -111,23 +111,30 @@ int argv_parse(const char *in_buf, int *ret_argc, char ***ret_argv)
 }
 if (state != STATE_WHITESPACE)
 *outcp++ = '\0';
- if (argv == 0) {
- argv = malloc(sizeof(char *));
+ if (ret_argv) {
+ if (argv == NULL) {
+ free(buf);
+ if ((argv=malloc(sizeof(char *))) == NULL)
+ return -1;
+ }
+ argv[argc] = NULL;
+ *ret_argv = argv;
+ } else {
 free(buf);
+ free(argv);
 }
- argv[argc] = 0;
 if (ret_argc)
 *ret_argc = argc;
- if (ret_argv)
- *ret_argv = argv;
 return 0;
 }
 void argv_free(char **argv)
 {
- if (*argv)
- free(*argv);
- free(argv);
+ if (argv) {
+ if (*argv)
+ free(*argv);
+ free(argv);
+ }
 }
 #ifdef DEBUG_ARGV_PARSE
diff --git a/modules/pam_namespace/md5.c b/modules/pam_namespace/md5.c
index 3094a130..c79fb357 100644
--- a/modules/pam_namespace/md5.c
+++ b/modules/pam_namespace/md5.c
@@ -148,7 +148,7 @@ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)
 MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
 byteReverse((unsigned char *) ctx->buf, 4);
 memcpy(digest, ctx->buf, 16);
- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
+ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
 }
 /* The four core functions - F1 is optimized somewhat */
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index baa7f85a..c47599e0 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -61,9 +61,11 @@ static void add_polydir_entry(struct instance_data *idata,
 static void del_polydir(struct polydir_s *poly)
 {
- free(poly->uid);
- free(poly->init_script);
- free(poly);
+ if (poly) {
+ free(poly->uid);
+ free(poly->init_script);
+ free(poly);
+ }
 }
 /*
@@ -1093,7 +1095,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir,
 error:
 save_errno = errno;
 free(p);
- if (dfd != AT_FDCWD)
+ if (dfd != AT_FDCWD && dfd >= 0)
 close(dfd);
 errno = save_errno;
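Review bot: In argv_parse() (modules/pam_namespace/argv_parse.c, second hunk) the new `return -1;` after the failed `malloc` leaves `*ret_argv` unwritten, so a caller that cleans up with argv_free() on every path would pass it an indeterminate pointer; the NULL guard added to argv_free() only helps when the pointer really is NULL. Setting it on the failure path closes that gap: `if ((argv = malloc(sizeof *argv)) == NULL) { *ret_argv = NULL; return -1; }`. The earlier `return -1` after `buf = malloc(...)` in the first hunk has the same property. argv_free() freeing `*argv` and then `argv` presumably relies on the first token starting at `buf`; the loop that fills argv is outside the hunk, so a one-line comment stating that ownership rule above argv_free() would help.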
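Review bot: In MD5Final (modules/pam_namespace/md5.c) the wipe now covers the whole context, but it is still a plain `memset` as the last statement of the function, which an optimizer may drop as a dead store if the call is inlined and the caller never reads `ctx` again. Where the platform provides one, a non-elidable clear such as `explicit_bzero(ctx, sizeof(*ctx));` keeps the "in case it's sensitive" intent. Otherwise the comment should say that the clear is best-effort.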
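Review bot: In the `error:` path of protect_dir (modules/pam_namespace/pam_namespace.c) the new condition `dfd != AT_FDCWD && dfd >= 0` reads as two independent checks, but on Linux AT_FDCWD is itself negative, so `dfd >= 0` alone decides whether close() runs. Either simplify to `if (dfd >= 0)` or keep both tests and add a comment such as `/* dfd is AT_FDCWD, a negative error value, or a real descriptor */`. How dfd gets those values is outside the hunk, so the comment should be checked against the function body.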
@@ -1453,8 +1455,9 @@ static int ns_setup(struct polydir_s *polyptr,
 return PAM_SESSION_ERR;
 }
- if (retval < 0 && (polyptr->flags & POLYDIR_CREATE)) {
- if (create_polydir(polyptr, idata) != PAM_SUCCESS)
+ if (retval < 0) {
+ if ((polyptr->flags & POLYDIR_CREATE) &&
+ create_polydir(polyptr, idata) != PAM_SUCCESS)
 return PAM_SESSION_ERR;
 } else {
 close(retval);
@@ -1966,7 +1969,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 if (strcmp(argv[i], "unmnt_only") == 0)
 unmnt = UNMNT_ONLY;
 if (strcmp(argv[i], "require_selinux") == 0) {
- if (~(idata.flags & PAMNS_SELINUX_ENABLED)) {
+ if (!(idata.flags & PAMNS_SELINUX_ENABLED)) {
 pam_syslog(idata.pamh, LOG_ERR,
 "selinux_required option given and selinux is disabled");
 return PAM_SESSION_ERR;
-- 
2.40.0
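Review bot: In ns_setup (modules/pam_namespace/pam_namespace.c) the case `retval < 0` without POLYDIR_CREATE now enters the first block, does nothing and carries on, with no log line or comment to say that this is intended. Keeping a negative value away from `close(retval)` looks right, but retval is assigned outside the hunk, so the reader cannot tell from here what a failure at this point means for the rest of the setup. A comment inside the `if (retval < 0)` block, e.g. `/* check failed, no create flag: nothing to close, fall through */`, would record the decision. If the failure is worth recording, a pam_syslog call belongs there instead.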
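Review bot: In pam_sm_open_session the option matched is `"require_selinux"`, but the error text logged two lines below says `selinux_required option given`, so an administrator searching the PAM configuration for the name in the log will not find it. The message should name the option as it is written: `"require_selinux option given and selinux is disabled");`. Separately, the corrected test depends on PAMNS_SELINUX_ENABLED having been set in `idata.flags` before this argument loop runs; that assignment is outside the hunk and is worth confirming.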