On Pá, 2014-08-15 at 21:05 +0200, Robin Hack wrote:
From 4c4d71073a8db35f7ea3762e508f6376c77596f5 Mon Sep 17 00:00:00
2001
From: Robin Hack <rhack(a)redhat.com>
Date: Fri, 15 Aug 2014 15:16:21 +0200
Subject: [PATCH 1/3] pam_filter: Avoid leaking descriptors when fork() call
fails.
---
modules/pam_filter/pam_filter.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index da98148..9935d99 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -341,6 +341,11 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
pam_syslog(pamh, LOG_WARNING, "first fork failed: %m");
if (aterminal) {
(void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode);
+ close(fd[0]);
+ } else {
+ /* Socket pair */
+ close(fd[0]);
+ close(fd[1]);
}
return PAM_AUTH_ERR;
OK, applied
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)