gmail.com with ESMTPSA id 8926c6da1cb9f-50149c85c1asm1841245173.111.2025.06.16.11.46.09
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 16 Jun 2025 11:46:09 -0700 (PDT)
Date: Mon, 16 Jun 2025 18:46:08 +0000
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Cy Schubert <cy@freebsd.org>
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, 
	dev-commits-src-main@freebsd.org
Subject: Re: git: 98f18cd98824 - main - pam_ksu: Move the realm free to end
 of function
Message-ID: <xa4lcs4gbif33egxswse52pgxbceff2ouwnjnpvrf33qbzwlg6@pgdqmkx6yt6z>
X-Operating-System: FreeBSD mutt-hbsd 14.2-STABLE-HBSD FreeBSD
 14.2-STABLE-HBSD  HARDENEDBSD-14-STABLE amd64
X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
References: <202506161842.55GIgf9M052877@gitrepo.freebsd.org>
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="jol37ovfjjuqkati"
Content-Disposition: inline
In-Reply-To: <202506161842.55GIgf9M052877@gitrepo.freebsd.org>
X-Rspamd-Queue-Id: 4bLf941Tfdz3RRl
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]


--jol37ovfjjuqkati
Content-Type: text/plain; protected-headers=v1; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Subject: Re: git: 98f18cd98824 - main - pam_ksu: Move the realm free to end
 of function
MIME-Version: 1.0

On Mon, Jun 16, 2025 at 06:42:41PM +0000, Cy Schubert wrote:
> The branch main has been updated by cy:
>=20
> URL: https://cgit.FreeBSD.org/src/commit/?id=3D98f18cd98824acdf1045e74615=
f2db0219019f0b
>=20
> commit 98f18cd98824acdf1045e74615f2db0219019f0b
> Author:     Cy Schubert <cy@FreeBSD.org>
> AuthorDate: 2025-06-16 18:40:51 +0000
> Commit:     Cy Schubert <cy@FreeBSD.org>
> CommitDate: 2025-06-16 18:42:30 +0000
>=20
>     pam_ksu: Move the realm free to end of function
>    =20
>     This avoids a use after free.
>    =20
>     Noted by:       jhb
> ---
>  lib/libpam/modules/pam_ksu/pam_ksu.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>=20
> diff --git a/lib/libpam/modules/pam_ksu/pam_ksu.c b/lib/libpam/modules/pa=
m_ksu/pam_ksu.c
> index a6b3f043d3f4..e50c3e387311 100644
> --- a/lib/libpam/modules/pam_ksu/pam_ksu.c
> +++ b/lib/libpam/modules/pam_ksu/pam_ksu.c
> @@ -85,8 +85,6 @@ krb5_make_principal(krb5_context context, krb5_principa=
l principal,
>  		if ((rc =3D krb5_get_default_realm(context, &temp_realm)))
>  			return (rc);
>  		realm=3Dtemp_realm;
> -		if (temp_realm)
> -			free(temp_realm);
>  	}
>  	va_start(ap, realm);
>  	/*
> @@ -99,6 +97,8 @@ krb5_make_principal(krb5_context context, krb5_principa=
l principal,
>  	 */
>  	rc =3D krb5_build_principal_va(context, principal, strlen(realm), realm=
, ap);
>  	va_end(ap);
> +	if (temp_realm)
> +		free(temp_realm);

Hey Cy,

I think the call to free can be made unconditional as it's safe to
call free on a NULL pointer (which turns into a no-op).

Thanks,

--=20
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username:  shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A=
4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

--jol37ovfjjuqkati
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmhQZmoACgkQ/y5nonf4
4fot1A//aMbSqF+uPkE0tdAgXNNX4gsYJ53y/9vOnQYypjqxdLYzGEUanf66t4ob
UeVj6dpjYm3NeaLq9HREK49X9HGqVZmqEd7KyE9VrVkgYjf5u+onUTSKjcZbgJ4x
F0UIPctegUALxDXIjytImQZznxRqo0JLub99YXoSEPbmjmYrTdMwpO6zS3g3RDHg
izDpxEw0k0DA1X4xq1O9AY4gBMHaYZ1deSN8TVp9SnJZjWtLk0a/Ca7nmT0agY5Z
awcZX/xC1cmXWw/k0stYa/Lwh+byf3Q0JF1aQQjpg33QvIYTh5dmG36gWOsKDAoy
VSlB7FLKlZ9Vn4fEeOqEYTBWeySLI84iSzJUkqBPXzai8kgPmsFWJ8lYLEkW9tEL
bPkY39Jh1vV0xUxGbtbm9ElqYZWiYgtysmFAvj2Knn2CCyQ8dL2jq9yFpdg9I0M8
hZ3taoejDmgzA/++ouJ5ayFgMTjlSKG3ZreopvDTuL2NSAzOLI2vsVjwvMEmRoXz
yInrL0rG4znP1sxzLcfUQEpCtw7cKWs0I9vc4Q5pFlc2hvQcm3y81Yb92s6K5/Ig
Ivq0yzKeCJpUpOE/LQCll+DitpkAPpGaVXtIkHvI2yyhKvMxKsyH/+rkSt215sH0
TCTwy11G/r5VSRKdPqdSCt24JPQtclXvQF4LPVedsQ2p5gVk27M=
=I6Qk
-----END PGP SIGNATURE-----

--jol37ovfjjuqkati--