From 4c4d71073a8db35f7ea3762e508f6376c77596f5 Mon Sep 17 00:00:00 2001
From: Robin Hack rhack@redhat.com Date: Fri, 15 Aug 2014 15:16:21 +0200 Subject: [PATCH 1/3] pam_filter: Avoid leaking descriptors when fork() call fails.
--- modules/pam_filter/pam_filter.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index da98148..9935d99 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -341,6 +341,11 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
 pam_syslog(pamh, LOG_WARNING, "first fork failed: %m");
 if (aterminal) {
 (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode);
+ close(fd[0]);
+ } else {
+ /* Socket pair */
+ close(fd[0]);
+ close(fd[1]);
 }
return PAM_AUTH_ERR;
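Review bot: The `if (aterminal)` branch closes only `fd[0]` while the new `else` branch closes both ends, and nothing in the hunk says why `fd[1]` is exempt on the terminal path. Presumably only the pty master is open in the parent at this point and `fd[1]` is not yet a valid descriptor, but that setup is outside the hunk, so it should be confirmed and recorded next to the close, e.g. `/* pty master only; fd[1] is not opened in the parent yet */`, matching the existing `/* Socket pair */` comment. If `fd[1]` can hold a live descriptor here, it would still leak on each failed fork, which matters for a PAM module that may be loaded into a long-running privileged service. set_filter's body starts and ends outside the hunk.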
Sorry for broken subject.
On Fri, Aug 15, 2014 at 09:05:20PM +0200, Robin Hack wrote:
From 4c4d71073a8db35f7ea3762e508f6376c77596f5 Mon Sep 17 00:00:00 2001 From: Robin Hack rhack@redhat.com Date: Fri, 15 Aug 2014 15:16:21 +0200 Subject: [PATCH 1/3] pam_filter: Avoid leaking descriptors when fork() call fails.
modules/pam_filter/pam_filter.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index da98148..9935d99 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -341,6 +341,11 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
 pam_syslog(pamh, LOG_WARNING, "first fork failed: %m");
 if (aterminal) {
 (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode);
close(fd[0]);
} else {
/* Socket pair */
close(fd[0]);
close(fd[1]);
}
return PAM_AUTH_ERR;
-- 1.9.3
On Pá, 2014-08-15 at 21:05 +0200, Robin Hack wrote:
From 4c4d71073a8db35f7ea3762e508f6376c77596f5 Mon Sep 17 00:00:00 2001 From: Robin Hack rhack@redhat.com Date: Fri, 15 Aug 2014 15:16:21 +0200 Subject: [PATCH 1/3] pam_filter: Avoid leaking descriptors when fork() call fails.
modules/pam_filter/pam_filter.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index da98148..9935d99 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -341,6 +341,11 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
 pam_syslog(pamh, LOG_WARNING, "first fork failed: %m");
 if (aterminal) {
 (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode);
close(fd[0]);
} else {
/* Socket pair */
close(fd[0]);
close(fd[1]);
}
return PAM_AUTH_ERR;
OK, applied