From b66f2f941f5dd41710b0e3f3251d5d664602911f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 24 Nov 2008 14:06:15 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2008-11-24 Tomas Mraz * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Fix leaks in error path. * modules/pam_env/pam_env.c(_parse_env_file): Remove superfluous condition. * modules/pam_group/pam_group.c(check_account): Fix leak in error path. * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Fix leak in error path. * modules/pam_securetty/pam_securetty.c(securetty_perform_check): Remove superfluous condition. * modules/pam_stress/pam_stress.c(stress_get_password,pam_sm_authenticate): Remove superfluous conditions. (pam_sm_chauthtok): Fix mistaken && for &. * modules/pam_unix/pam_unix_auth.c(pam_sm_authenticate): Remove superfluous condition. All the problems fixed in this commit were found by Steve Grubb. --- modules/pam_cracklib/pam_cracklib.c | 2 ++ modules/pam_env/pam_env.c | 2 +- modules/pam_group/pam_group.c | 2 +- modules/pam_listfile/pam_listfile.c | 1 + modules/pam_securetty/pam_securetty.c | 2 +- modules/pam_stress/pam_stress.c | 7 +++---- modules/pam_unix/pam_unix_auth.c | 2 +- 7 files changed, 10 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index 2c4cd4a0..b94f8596 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -692,6 +692,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } if (retval != PAM_SUCCESS) { + token1 = _pam_delete(token1); if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_DEBUG,"unable to obtain a password"); continue; @@ -756,6 +757,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (retval != PAM_SUCCESS) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_DEBUG,"unable to obtain retyped password"); + token1 = _pam_delete(token1); continue; } 
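Review bot: The two added `token1 = _pam_delete(token1);` calls in pam_sm_chauthtok sit on opposite sides of the debug log: before `pam_syslog` on the "unable to obtain a password" path, after it on the "unable to obtain retyped password" path. token1 appears to hold the password the user just typed, so I would release it first in both places and add a comment such as `/* token1 holds the new password: scrub and free before retrying */`. The definition of `_pam_delete` is outside these hunks, so please confirm that it overwrites the buffer before freeing it rather than only freeing it. Both hunks show only part of the retry loop.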
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 80a20cd6..a8cd2c8f 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -211,7 +211,7 @@ _parse_env_file(pam_handle_t *pamh, int ctrl, const char *env_file) key += strspn(key, " \n\t"); /* skip blanks lines and comments */ - if (!key || key[0] == '#') + if (key[0] == '#') continue; /* skip over "export " if present so we can be compat with diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 4a54da14..bddcf1cb 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -603,7 +603,7 @@ static int check_account(pam_handle_t *pamh, const char *service, if (getgroups(no_grps, grps) < 0) { D(("getgroups call failed")); no_grps = 0; - grps = NULL; + _pam_drop(grps); } #ifdef DEBUG { diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index f276e5b8..dbd92058 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -239,6 +239,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, retval = pam_get_item(pamh,citem,&void_citemp); citemp = void_citemp; if(retval != PAM_SUCCESS) { + free(ifname); return onerr; } if((citem == PAM_USER) && !citemp) { diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 9dbe9bc4..ec796d9e 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -152,7 +152,7 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, retval = PAM_AUTH_ERR; } else { - if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) { + if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'", username, uttyname); } diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index c254868f..01587fea 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c 
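Review bot: The comment above the changed test in _parse_env_file still says "skip blanks lines and comments", but the condition now matches only `#`. Dropping `!key` is correct, since `key` has just been passed to `strspn` and advanced, but the removed term may have been intended as an empty-line test. If blank lines should be skipped here, write `if (key[0] == '\0' || key[0] == '#')`; otherwise reword the comment to `/* skip comments */`. The rest of the loop is outside the hunk, so I cannot tell whether an empty key is rejected later.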
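Review bot: The getgroups() failure branch in check_account is reported only through `D((...))`, which looks like a debug-build trace, so a normal build would carry on with `no_grps = 0` and leave no record of the failure. Since this module deals with supplementary group membership, I would log it as the first statement of the branch, e.g. `pam_syslog(pamh, LOG_ERR, "getgroups failed: %m");`. `_pam_drop` is defined outside the hunk; the change assumes it frees `grps` and resets it to NULL, which is worth confirming because the old code set NULL explicitly. The function body continues past the hunk.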
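Review bot: The added `free(ifname);` in pam_sm_authenticate covers this one `return onerr;`, but releasing `ifname` by hand at each exit is what let this path be missed in the first place. The body continues past the hunk (the `citem == PAM_USER` branch starts right below), so the remaining early returns should be checked for the same leak. A single exit path, e.g. `goto out;` with `out: free(ifname); return retval;`, would stop later additions from reintroducing it.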
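Review bot: With `retval == PAM_SUCCESS` removed, the "access allowed for '%s' on '%s'" debug line in securetty_perform_check relies entirely on the enclosing `if`, whose condition is outside the hunk, to guarantee success. Because this message lands in the authentication log, a comment on the `else` would protect that assumption against later edits: `/* retval == PAM_SUCCESS here: the failure cases are handled above */`. The same applies to the debug traces in pam_stress.c (pam_sm_authenticate) and pam_unix_auth.c, which drop the same test.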
@@ -197,8 +197,7 @@ static int stress_get_password(pam_handle_t *pamh, int flags } return PAM_CONV_ERR; } - if (resp) - free(resp); + free(resp); } *password = pass; /* this *MUST* be free()'d by this module */ @@ -238,7 +237,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, retval = PAM_USER_UNKNOWN; /* username was null */ return retval; } - else if ((ctrl & PAM_ST_DEBUG) && (retval == PAM_SUCCESS)) { + else if (ctrl & PAM_ST_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "pam_sm_authenticate: username = %s", username); } @@ -426,7 +425,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (ctrl & PAM_ST_FAIL_1) return PAM_AUTHTOK_LOCK_BUSY; - if ( !(ctrl && PAM_ST_EXPIRED) + if ( !(ctrl & PAM_ST_EXPIRED) && (flags & PAM_CHANGE_EXPIRED_AUTHTOK) && (pam_get_data(pamh,"stress_new_pwd", &text) != PAM_SUCCESS || strcmp(text,"yes"))) { diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index dfedd608..05b5ec6c 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -132,7 +132,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags retval = PAM_USER_UNKNOWN; AUTH_RETURN; } - if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl)) + if (on(UNIX_DEBUG, ctrl)) D(("username [%s] obtained", name)); } else { D(("trouble reading username")); -- cgit v1.2.3
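Review bot: In the corrected pam_sm_chauthtok condition, `strcmp(text,"yes")` runs whenever pam_get_data() returns PAM_SUCCESS, and nothing visible in the hunk rules out a NULL `text` in that case. Writing the last term as `|| text == NULL || strcmp(text,"yes")` makes a missing value count as "not yes" instead of passing a null pointer to strcmp. The declaration of `text` and the code that stores "stress_new_pwd" are outside the hunk, so this is a defensive check rather than a confirmed crash.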