From nobody Mon Jun 16 18:46:08 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bLf94639Tz5yGXg for ; Mon, 16 Jun 2025 18:46:16 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bLf941Tfdz3RRl for ; Mon, 16 Jun 2025 18:46:16 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Authentication-Results: mx1.freebsd.org; none Received: by mail-il1-x12b.google.com with SMTP id e9e14a558f8ab-3d948ce7d9dso21202915ab.2 for ; Mon, 16 Jun 2025 11:46:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; t=1750099570; x=1750704370; darn=freebsd.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=siKOuYyHEbqeuuTIg0Ugi3IJlpxeABDJN8Yuq1T+iiE=; b=hr6OPOz4D5S0W4lbxx8dAdBVGwls8X7/xf+j9Ko2BN+TY3QXMU/yIehK3Nb707DReS sOBhy/PoEUyT5sxfIV4phfwxcCqvbefAFoOc1rFdjAdg6Ai2SOvaMiSwMPUNcLf/jOEy cM7C4yn01ywkbv/udH0ObMhRH6uk1qteUtQkqXKLlNMHzLZ4vjqQnwL/qnEoV6sqZvvf wNFv2UsVZLKsfRdgVEek92JNYXQXzoxvS3VCHyRupBBHen4n5FFuZURNn1Cl0c1Kgo/x 2VOdRyhQidKIoxklLhxZGe/4G5ohydVGoZPL2+xAcnUnjz9qJnu0X2Caz07rheSA2lIj UE8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750099570; x=1750704370; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=siKOuYyHEbqeuuTIg0Ugi3IJlpxeABDJN8Yuq1T+iiE=; b=b0aslyo/1e0GGgkPiOSQOrkDaejNeAb/u5Ty1+IQ8QL3C7rsrQJYPJJ5mvMhl+VLzH A6rYxc6K4b7lFzXNwZzpOwvO7fqD7suQCxpMMlnXV5xr8lDRPygiHQvBawNFiMjGADmO aZX4m/4r5erZoK3kQfB1BX1rOVgUn3H8gjBwmc2545MMarnuYP49Fbui8Fl6bQs4i+C5 e6oeccKsO7V143o5KCZhlvZxS04Uf5R4/beaTqWPn6A2TYm1MUi+0jG7g8+yjpTsELKX qVkfMNGl0WRLSK9hXfg7PUnb+HhW4T9K2exxoJ7+oI2uqs4k1YFfjv/m7dOGV8YxAmkD GgzQ== X-Forwarded-Encrypted: i=1; AJvYcCVc202JtuMTUL9VFIcveLvDlS5FLFqlPNGHP7J67xH96QD9s4QzqB51M4zHJ4drZgL4uRKaXDiTr1x9pd7TuA+NDDb9Og==@freebsd.org X-Gm-Message-State: AOJu0Yy9AsLwoSoZU6n4PNY+8oHbF/wLE+VGXEm3a7NZ+1DZ2Prt0oTz KNohM2Fjpl/tLvuFsH1HOQkFS/QHmF+AoEh3lXGSjQwogPNF1IrOJuBeT3coVxW33jE= X-Gm-Gg: ASbGncsAGbmLo2ymYzprKOpByb8tPPYuR6l8Ki6MymaiXTY74LMPyIzmdpl9pBmCCTY VXqiPK5EOH6HfistwWDRoFB721RRaaqnGVpJybaHcFMPoEl7GE53hsNB7SzOBXgGUUw+lTIJPQm j9avkEag+z2tIbacz75ekYOpSVXHKCrHXY2B/dYfXE7umnSy5pCarqBQRM59dZ6Q4CmXHk/oOug bTuKdoc/O4MTMfPCYux+flrOaOLxNt+vOOCifHnsOekxgL4hqsJLjSL+moO44UyIo8shkVn3dXz 8QLZqmq11lLIeznBmP2VYZpafH7E7HoaPdzGu4vwECcq X-Google-Smtp-Source: AGHT+IFStLPGyMq2rw2HLOWr9l8aYjEC/1NS1riofHILyRUUvnZZmvz9VlAaUQeEEHpZ8vVtrI7Z+w== X-Received: by 2002:a05:6e02:1fe7:b0:3dd:88da:e804 with SMTP id e9e14a558f8ab-3de07d1bb31mr127017115ab.18.1750099570054; Mon, 16 Jun 2025 11:46:10 -0700 (PDT) Received: from mutt-hbsd ([2001:470:4001:1::95]) by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-50149c85c1asm1841245173.111.2025.06.16.11.46.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 16 Jun 2025 11:46:09 -0700 (PDT) Date: Mon, 16 Jun 2025 18:46:08 +0000 From: Shawn Webb To: Cy Schubert Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 98f18cd98824 - main - pam_ksu: Move the realm free to end of function Message-ID: X-Operating-System: FreeBSD mutt-hbsd 14.2-STABLE-HBSD FreeBSD 14.2-STABLE-HBSD HARDENEDBSD-14-STABLE amd64 X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: <202506161842.55GIgf9M052877@gitrepo.freebsd.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="jol37ovfjjuqkati" Content-Disposition: inline In-Reply-To: <202506161842.55GIgf9M052877@gitrepo.freebsd.org> X-Rspamd-Queue-Id: 4bLf941Tfdz3RRl X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] --jol37ovfjjuqkati Content-Type: text/plain; protected-headers=v1; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Subject: Re: git: 98f18cd98824 - main - pam_ksu: Move the realm free to end of function MIME-Version: 1.0 On Mon, Jun 16, 2025 at 06:42:41PM +0000, Cy Schubert wrote: > The branch main has been updated by cy: >=20 > URL: https://cgit.FreeBSD.org/src/commit/?id=3D98f18cd98824acdf1045e74615= f2db0219019f0b >=20 > commit 98f18cd98824acdf1045e74615f2db0219019f0b > Author: Cy Schubert > AuthorDate: 2025-06-16 18:40:51 +0000 > Commit: Cy Schubert > CommitDate: 2025-06-16 18:42:30 +0000 >=20 > pam_ksu: Move the realm free to end of function > =20 > This avoids a use after free. > =20 > Noted by: jhb > --- > lib/libpam/modules/pam_ksu/pam_ksu.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/lib/libpam/modules/pam_ksu/pam_ksu.c b/lib/libpam/modules/pa= m_ksu/pam_ksu.c > index a6b3f043d3f4..e50c3e387311 100644 > --- a/lib/libpam/modules/pam_ksu/pam_ksu.c > +++ b/lib/libpam/modules/pam_ksu/pam_ksu.c > @@ -85,8 +85,6 @@ krb5_make_principal(krb5_context context, krb5_principa= l principal, > if ((rc =3D krb5_get_default_realm(context, &temp_realm))) > return (rc); > realm=3Dtemp_realm; > - if (temp_realm) > - free(temp_realm); > } > va_start(ap, realm); > /* > @@ -99,6 +97,8 @@ krb5_make_principal(krb5_context context, krb5_principa= l principal, > */ > rc =3D krb5_build_principal_va(context, principal, strlen(realm), realm= , ap); > va_end(ap); > + if (temp_realm) > + free(temp_realm); Hey Cy, I think the call to free can be made unconditional as it's safe to call free on a NULL pointer (which turns into a no-op). Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Signal Username: shawn_webb.74 Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --jol37ovfjjuqkati Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmhQZmoACgkQ/y5nonf4 4fot1A//aMbSqF+uPkE0tdAgXNNX4gsYJ53y/9vOnQYypjqxdLYzGEUanf66t4ob UeVj6dpjYm3NeaLq9HREK49X9HGqVZmqEd7KyE9VrVkgYjf5u+onUTSKjcZbgJ4x F0UIPctegUALxDXIjytImQZznxRqo0JLub99YXoSEPbmjmYrTdMwpO6zS3g3RDHg izDpxEw0k0DA1X4xq1O9AY4gBMHaYZ1deSN8TVp9SnJZjWtLk0a/Ca7nmT0agY5Z awcZX/xC1cmXWw/k0stYa/Lwh+byf3Q0JF1aQQjpg33QvIYTh5dmG36gWOsKDAoy VSlB7FLKlZ9Vn4fEeOqEYTBWeySLI84iSzJUkqBPXzai8kgPmsFWJ8lYLEkW9tEL bPkY39Jh1vV0xUxGbtbm9ElqYZWiYgtysmFAvj2Knn2CCyQ8dL2jq9yFpdg9I0M8 hZ3taoejDmgzA/++ouJ5ayFgMTjlSKG3ZreopvDTuL2NSAzOLI2vsVjwvMEmRoXz yInrL0rG4znP1sxzLcfUQEpCtw7cKWs0I9vc4Q5pFlc2hvQcm3y81Yb92s6K5/Ig Ivq0yzKeCJpUpOE/LQCll+DitpkAPpGaVXtIkHvI2yyhKvMxKsyH/+rkSt215sH0 TCTwy11G/r5VSRKdPqdSCt24JPQtclXvQF4LPVedsQ2p5gVk27M= =I6Qk -----END PGP SIGNATURE----- --jol37ovfjjuqkati--