diff options
author | Andrew G. Morgan <morgan@kernel.org> | 2023-05-03 20:12:52 -0700 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2023-05-09 18:56:00 -0700 |
commit | 917c8b5d3450870b4f25fd4a5a5198faa9de9aeb (patch) | |
tree | afd9966c928defc9f7b8498e2a144ce57f6f3ab0 | |
parent | 422bec25ae4a1ab03fd4d6f728695ed279173b18 (diff) | |
download | libcap-917c8b5d3450870b4f25fd4a5a5198faa9de9aeb.tar.gz |
There was a small memory leak in pam_cap.so when libpam returned an error.
The function pam_set_data() takes ownership of a memory pointer if
the call succeeds, but does not take that ownership if the function
fails. Previously, the failure caused no deferred capability setting and
a return code PAM_IGNORE. It continues to do that in this case, but no
longer leaks the allocated iab memory.
This bug was introduced with deferred IAB capability setting support in
libcap-2.58.
Credit for finding this bug in pam_cap.so goes to X41 D-Sec GmbH
(https://x41-dsec.de/) who performed a security audit of the libcap
source code in April of 2023. The audit was sponsored by the Open
Source Technology Improvement Fund (https://ostif.org/).
Audit ref: LCAP-CR-23-100
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-rw-r--r-- | pam_cap/pam_cap.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c index 7e8cade..91278dc 100644 --- a/pam_cap/pam_cap.c +++ b/pam_cap/pam_cap.c @@ -290,7 +290,12 @@ static int set_capabilities(struct pam_cap_s *cs) if (cs->defer) { D(("configured to delay applying IAB")); - pam_set_data(cs->pamh, "pam_cap_iab", iab, iab_apply); + int ret = pam_set_data(cs->pamh, "pam_cap_iab", iab, iab_apply); + if (ret != PAM_SUCCESS) { + D(("unable to cache capabilities for delayed setting: %d", ret)); + /* since ok=0, the module will return PAM_IGNORE */ + cap_free(iab); + } iab = NULL; } else if (!cap_iab_set_proc(iab)) { D(("able to set the IAB [%s] value", conf_caps)); |