From d1963687081754796ab643569a882ba6636a44c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 23 Mar 2020 19:54:00 +0100
Subject: pam_selinux: sanitize asprintf argument on failure

---
 modules/pam_selinux/pam_selinux.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules')

diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 57b02bac..5b7dd277 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -103,6 +103,7 @@ send_audit_message(pam_handle_t *pamh, int success, const char *default_context,
 	if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
 		     default_raw ? default_raw : (default_context ? default_context : "?"),
 		     selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
+		msg = NULL; /* asprintf leaves msg in undefined state on failure */
 		pam_syslog(pamh, LOG_ERR, "Error allocating memory.");
 		goto out;
 	}
-- 
cgit v1.2.3