summaryrefslogtreecommitdiff
path: root/modules/pam_selinux
diff options
context:
space:
mode:
authorTomas Mraz <tm@t8m.info>2010-11-11 16:15:52 +0000
committerTomas Mraz <tm@t8m.info>2010-11-11 16:15:52 +0000
commit5c58f28cb4fa9965d5755b0eb1d0fcbd593b51ca (patch)
tree7f0720b9cbf658d49aef6a5653f2e94a14e87b1c /modules/pam_selinux
parent46cdce51ed99e5b86c613fb19dafa973c219d255 (diff)
Relevant BUGIDs:
Purpose of commit: bugfix Commit summary: --------------- 2010-11-11 Tomas Mraz <tm@t8m.info> * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix potential use after free in case SELinux is misconfigured. * modules/pam_namespace/pam_namespace.c (process_line): Fix memory leak when parsing empty config file lines.
Diffstat (limited to 'modules/pam_selinux')
-rw-r--r--modules/pam_selinux/pam_selinux.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 64fabafd..c31278e9 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -642,10 +642,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
if (debug)
pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
username, seuser, level);
- free(seuser);
free(level);
}
if (num_contexts > 0) {
+ free(seuser);
default_user_context=strdup(contextlist[0]);
freeconary(contextlist);
if (default_user_context == NULL) {
@@ -672,7 +672,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
}
}
else {
- user_context = manual_context(pamh,seuser,debug);
+ if (seuser != NULL) {
+ user_context = manual_context(pamh,seuser,debug);
+ free(seuser);
+ }
if (user_context == NULL) {
pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
username);