From fd7a9af87637c0b5c3fefa59714a2888fff4f4af Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Thu, 21 Jun 2007 22:28:40 +0000
Subject: [PATCH] free message if set by authenticate()

---
 auth/aix_auth.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/auth/aix_auth.c b/auth/aix_auth.c
index f756d19fb..05bc369d1 100644
--- a/auth/aix_auth.c
+++ b/auth/aix_auth.c
@@ -50,6 +50,10 @@
 __unused static const char rcsid[] = "$Sudo$";
 #endif /* lint */
 
+/*
+ * For a description of the AIX authentication API, see
+ * http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf1/authenticate.htm
+ */
 int
 aixauth_verify(pw, prompt, auth)
     struct passwd *pw;
@@ -57,14 +61,16 @@ aixauth_verify(pw, prompt, auth)
     sudo_auth *auth;
 {
     char *pass;
-    char *message;
+    char *message = NULL;
     int reenter = 1;
     int rval = AUTH_FAILURE;
 
     pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
     if (pass) {
-	if (authenticate(pw->pw_name, (char *)pass, &reenter, &message) == 0)
+	/* XXX - should probably print message on failure. */
+	if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
 	    rval = AUTH_SUCCESS;
+	free(message);
 	zero_bytes(pass, strlen(pass));
     }
     return(rval);
-- 
2.40.0