CVS commit: src/lib/libpam/modules/pam_krb5

Wed, 27 Sep 2023 19:31:15 -0700 

Module Name:    src
Committed By:   riastradh
Date:           Thu Sep 28 02:31:05 UTC 2023

Modified Files:
        src/lib/libpam/modules/pam_krb5: pam_krb5.c

Log Message:
pam_krb5: Fix PR lib/57631.

Loose ends in the fix for NetBSD-SA2023-006 that weren't caught by
review or, somehow, by my own testing.  Evidently we need automatic
tests for this pam business.

XXX pullup-10
XXX pullup-9
XXX pullup-8


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/lib/libpam/modules/pam_krb5/pam_krb5.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/lib/libpam/modules/pam_krb5/pam_krb5.c
diff -u src/lib/libpam/modules/pam_krb5/pam_krb5.c:1.31 src/lib/libpam/modules/pam_krb5/pam_krb5.c:1.32
--- src/lib/libpam/modules/pam_krb5/pam_krb5.c:1.31	Tue Jun 20 22:17:18 2023
+++ src/lib/libpam/modules/pam_krb5/pam_krb5.c	Thu Sep 28 02:31:04 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_krb5.c,v 1.31 2023/06/20 22:17:18 riastradh Exp $	*/
+/*	$NetBSD: pam_krb5.c,v 1.32 2023/09/28 02:31:04 riastradh Exp $	*/
 
 /*-
  * This pam_krb5 module contains code that is:
@@ -53,7 +53,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.c,v 1.22 2005/01/24 16:49:50 rwatson Exp $");
 #else
-__RCSID("$NetBSD: pam_krb5.c,v 1.31 2023/06/20 22:17:18 riastradh Exp $");
+__RCSID("$NetBSD: pam_krb5.c,v 1.32 2023/09/28 02:31:04 riastradh Exp $");
 #endif
 
 #include <sys/types.h>
@@ -341,7 +341,6 @@ pam_sm_authenticate(pam_handle_t *pamh, 
 	krbret = verify_krb_v5_tgt(pam_context, ccache, srvdup,
 	    debug,
 	    auth_service, auth_princ, auth_phost, &auth_data);
-	free(srvdup);
 	if (krbret == -1) {
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
 		krb5_cc_destroy(pam_context, ccache);
@@ -955,6 +954,7 @@ verify_krb_v5_tgt_begin(krb5_context con
 	const char *services[3], **service;
 
 	*servicep = NULL;
+	*princp = NULL;
 
 	if (debug)
 		openlog_r("pam_krb5", LOG_PID, LOG_AUTHPRIV, datap);
@@ -996,6 +996,8 @@ verify_krb_v5_tgt_begin(krb5_context con
 		    &keyblock);
 		if (retval != 0)
 			continue;
+		*servicep = *service;
+		*princp = princ;
 		break;
 	}
 	if (keyblock)

Reply via email to