Date: Mon, 16 Jun 2025 18:42:41 GMT From: Cy Schubert <cy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 98f18cd98824 - main - pam_ksu: Move the realm free to end of function Message-ID: <202506161842.55GIgf9M052877@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=98f18cd98824acdf1045e74615f2db0219019f0b commit 98f18cd98824acdf1045e74615f2db0219019f0b Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2025-06-16 18:40:51 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2025-06-16 18:42:30 +0000 pam_ksu: Move the realm free to end of function This avoids a use after free. Noted by: jhb --- lib/libpam/modules/pam_ksu/pam_ksu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/libpam/modules/pam_ksu/pam_ksu.c b/lib/libpam/modules/pam_ksu/pam_ksu.c index a6b3f043d3f4..e50c3e387311 100644 --- a/lib/libpam/modules/pam_ksu/pam_ksu.c +++ b/lib/libpam/modules/pam_ksu/pam_ksu.c @@ -85,8 +85,6 @@ krb5_make_principal(krb5_context context, krb5_principal principal, if ((rc = krb5_get_default_realm(context, &temp_realm))) return (rc); realm=temp_realm; - if (temp_realm) - free(temp_realm); } va_start(ap, realm); /* @@ -99,6 +97,8 @@ krb5_make_principal(krb5_context context, krb5_principal principal, */ rc = krb5_build_principal_va(context, principal, strlen(realm), realm, ap); va_end(ap); + if (temp_realm) + free(temp_realm); return (rc); } #endif
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202506161842.55GIgf9M052877>