From 5c58f28cb4fa9965d5755b0eb1d0fcbd593b51ca Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Thu, 11 Nov 2010 16:15:52 +0000
Subject: Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-11-11  Tomas Mraz  <tm@t8m.info>

        * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix
        potential use after free in case SELinux is misconfigured.

        * modules/pam_namespace/pam_namespace.c (process_line): Fix memory
        leak when parsing empty config file lines.
---
 modules/pam_selinux/pam_selinux.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'modules/pam_selinux')

diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 64fabafd..c31278e9 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -642,10 +642,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 	  if (debug)
 		  pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
                              username, seuser, level);
-	  free(seuser);
 	  free(level);
   }
   if (num_contexts > 0) {
+    free(seuser);
     default_user_context=strdup(contextlist[0]);
     freeconary(contextlist);
     if (default_user_context == NULL) {
@@ -672,7 +672,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
     }
   }
   else { 
-      user_context = manual_context(pamh,seuser,debug);
+      if (seuser != NULL) {
+	user_context = manual_context(pamh,seuser,debug);
+	free(seuser);
+      }
       if (user_context == NULL) {
 	pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
 		    username);
-- 
cgit v1.2.3