Sorry for broken subject.
On Fri, Aug 15, 2014 at 09:05:20PM +0200, Robin Hack wrote:
From 4c4d71073a8db35f7ea3762e508f6376c77596f5 Mon Sep 17 00:00:00
2001
From: Robin Hack <rhack(a)redhat.com>
Date: Fri, 15 Aug 2014 15:16:21 +0200
Subject: [PATCH 1/3] pam_filter: Avoid leaking descriptors when fork() call
fails.
---
modules/pam_filter/pam_filter.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index da98148..9935d99 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -341,6 +341,11 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
pam_syslog(pamh, LOG_WARNING, "first fork failed: %m");
if (aterminal) {
(void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode);
+ close(fd[0]);
+ } else {
+ /* Socket pair */
+ close(fd[0]);
+ close(fd[1]);
}
return PAM_AUTH_ERR;
--
1.9.3
_______________________________________________
Pam-developers mailing list
Pam-developers(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/pam-developers