Date: Mon, 16 Jun 2025 11:52:49 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Shawn Webb <shawn.webb@hardenedbsd.org> Cc: Cy Schubert <cy@freebsd.org>, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 98f18cd98824 - main - pam_ksu: Move the realm free to end of function Message-ID: <20250616185249.CF79711A@slippy.cwsent.com> In-Reply-To: <xa4lcs4gbif33egxswse52pgxbceff2ouwnjnpvrf33qbzwlg6@pgdqmkx6yt6z> References: <202506161842.55GIgf9M052877@gitrepo.freebsd.org> <xa4lcs4gbif33egxswse52pgxbceff2ouwnjnpvrf33qbzwlg6@pgdqmkx6yt6z>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <xa4lcs4gbif33egxswse52pgxbceff2ouwnjnpvrf33qbzwlg6@pgdqmkx6yt6z> , S hawn Webb writes: > > > --jol37ovfjjuqkati > Content-Type: text/plain; protected-headers=v1; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > Subject: Re: git: 98f18cd98824 - main - pam_ksu: Move the realm free to end > of function > MIME-Version: 1.0 > > On Mon, Jun 16, 2025 at 06:42:41PM +0000, Cy Schubert wrote: > > The branch main has been updated by cy: > >=20 > > URL: https://cgit.FreeBSD.org/src/commit/?id=3D98f18cd98824acdf1045e74615= > f2db0219019f0b > >=20 > > commit 98f18cd98824acdf1045e74615f2db0219019f0b > > Author: Cy Schubert <cy@FreeBSD.org> > > AuthorDate: 2025-06-16 18:40:51 +0000 > > Commit: Cy Schubert <cy@FreeBSD.org> > > CommitDate: 2025-06-16 18:42:30 +0000 > >=20 > > pam_ksu: Move the realm free to end of function > > =20 > > This avoids a use after free. > > =20 > > Noted by: jhb > > --- > > lib/libpam/modules/pam_ksu/pam_ksu.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > >=20 > > diff --git a/lib/libpam/modules/pam_ksu/pam_ksu.c b/lib/libpam/modules/pa= > m_ksu/pam_ksu.c > > index a6b3f043d3f4..e50c3e387311 100644 > > --- a/lib/libpam/modules/pam_ksu/pam_ksu.c > > +++ b/lib/libpam/modules/pam_ksu/pam_ksu.c > > @@ -85,8 +85,6 @@ krb5_make_principal(krb5_context context, krb5_principa= > l principal, > > if ((rc =3D krb5_get_default_realm(context, &temp_realm))) > > return (rc); > > realm=3Dtemp_realm; > > - if (temp_realm) > > - free(temp_realm); > > } > > va_start(ap, realm); > > /* > > @@ -99,6 +97,8 @@ krb5_make_principal(krb5_context context, krb5_principa= > l principal, > > */ > > rc =3D krb5_build_principal_va(context, principal, strlen(realm), realm > = > , ap); > > va_end(ap); > > + if (temp_realm) > > + free(temp_realm); > > Hey Cy, > > I think the call to free can be made unconditional as it's safe to > call free on a NULL pointer (which turns into a no-op). It does but this avoids the overhead of a function call when not needed. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e**(i*pi)+1=0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20250616185249.CF79711A>