From 4c4d71073a8db35f7ea3762e508f6376c77596f5 Mon Sep 17 00:00:00 2001
From: Robin Hack rhack@redhat.com Date: Fri, 15 Aug 2014 15:16:21 +0200 Subject: [PATCH 1/3] pam_filter: Avoid leaking descriptors when fork() call fails.
--- modules/pam_filter/pam_filter.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index da98148..9935d99 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -341,6 +341,11 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, pam_syslog(pamh, LOG_WARNING, "first fork failed: %m"); if (aterminal) { (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode); + close(fd[0]); + } else { + /* Socket pair */ + close(fd[0]); + close(fd[1]); }
return PAM_AUTH_ERR;