>From 5f92386a1fe468e129e3f3a3afeb6bc6fdb74f93 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 6 Apr 2012 21:45:16 +0200
Subject: [PATCH] pam_sss: improve error handling in SELinux code

---
 src/sss_client/pam_sss.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index ccebe60c18b8c08cc1c6114488413758f84d5eab..f4b8856a63f083cb79e582264d84644d21d1c21c 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -1195,6 +1195,7 @@ static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
 
             oldmask = umask(022);
             fd = mkstemp(tmp_path);
+            umask(oldmask);
             if (fd < 0) {
                 logger(pamh, LOG_ERR, "creating the temp file for SELinux "
                        "data failed. %s", tmp_path);
@@ -1223,9 +1224,6 @@ static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
             close(fd);
 
             rename(tmp_path, path);
-            free(path);
-            free(tmp_path);
-            umask(oldmask);
 #endif /* HAVE_SELINUX */
             break;
         case SSS_PAM_SETCRED:
@@ -1242,6 +1240,10 @@ done:
         free(buf);
     }
     free(repbuf);
+#ifdef HAVE_SELINUX
+    free(path);
+    free(tmp_path);
+#endif /* HAVE_SELINUX */
 
     return pam_status;
 }
-- 
1.7.7.6