[PATCH] FIx segfault in pam_winbind - bso #11502
Michael Adam
obnox at samba.org
Tue Sep 8 16:27:19 UTC 2015
On 2015-09-08 at 17:44 +0200, Michael Adam wrote:
> On 2015-09-08 at 16:53 +0200, Andreas Schneider wrote:
> > Hi,
> >
> > the attached patch fixes a NULL pointer deref of ctx in
> > _PAM_LOG_FUNCTION_LEAVE().
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=11502
> >
> >
> > Please review and push if it is ok.
>
> LGTM - Pushed to autobuild.
Er... one thing:
Some hunks create unused 'out:' goto markers.
We should remove these (or else the developer build fails).
Attached find a modified version of your patch.
Michael
-------------- next part --------------
From e0bb14b367f4f9b45fb9a32d2f23a337b30696bc Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Tue, 8 Sep 2015 16:48:08 +0200
Subject: [PATCH] pam_winbind: Fix a segfault if initialization fails
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11502
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
---
nsswitch/pam_winbind.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 1e16741..a2d9f3b 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -2489,7 +2489,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags,
retval = _pam_winbind_init_context(pamh, flags, argc, argv, type, &ctx);
if (retval) {
- goto out;
+ return retval;
}
_PAM_LOG_FUNCTION_ENTER("_pam_delete_cred", ctx);
@@ -2625,7 +2625,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
retval = _pam_winbind_init_context(pamh, flags, argc, argv,
PAM_WINBIND_AUTHENTICATE, &ctx);
if (retval) {
- goto out;
+ return retval;
}
_PAM_LOG_FUNCTION_ENTER("pam_sm_authenticate", ctx);
@@ -2777,7 +2777,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
ret = _pam_winbind_init_context(pamh, flags, argc, argv,
PAM_WINBIND_SETCRED, &ctx);
if (ret) {
- goto out;
+ return ret;
}
_PAM_LOG_FUNCTION_ENTER("pam_sm_setcred", ctx);
@@ -2808,8 +2808,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
break;
}
- out:
-
_PAM_LOG_FUNCTION_LEAVE("pam_sm_setcred", ctx, ret);
TALLOC_FREE(ctx);
@@ -2833,7 +2831,7 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
ret = _pam_winbind_init_context(pamh, flags, argc, argv,
PAM_WINBIND_ACCT_MGMT, &ctx);
if (ret) {
- goto out;
+ return ret;
}
_PAM_LOG_FUNCTION_ENTER("pam_sm_acct_mgmt", ctx);
@@ -2929,7 +2927,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
ret = _pam_winbind_init_context(pamh, flags, argc, argv,
PAM_WINBIND_OPEN_SESSION, &ctx);
if (ret) {
- goto out;
+ return ret;
}
_PAM_LOG_FUNCTION_ENTER("pam_sm_open_session", ctx);
@@ -2938,7 +2936,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
/* check and create homedir */
ret = _pam_mkhomedir(ctx);
}
- out:
+
_PAM_LOG_FUNCTION_LEAVE("pam_sm_open_session", ctx, ret);
TALLOC_FREE(ctx);
@@ -2956,12 +2954,11 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags,
ret = _pam_winbind_init_context(pamh, flags, argc, argv,
PAM_WINBIND_CLOSE_SESSION, &ctx);
if (ret) {
- goto out;
+ return ret;
}
_PAM_LOG_FUNCTION_ENTER("pam_sm_close_session", ctx);
-out:
_PAM_LOG_FUNCTION_LEAVE("pam_sm_close_session", ctx, ret);
TALLOC_FREE(ctx);
@@ -3043,7 +3040,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
ret = _pam_winbind_init_context(pamh, flags, argc, argv,
PAM_WINBIND_CHAUTHTOK, &ctx);
if (ret) {
- goto out;
+ return ret;
}
_PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", ctx);
--
2.4.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150908/831f6974/attachment.sig>
More information about the samba-technical
mailing list