[lxc-devel] [cgmanager/master] check for NULL pointer returned by pam_get_data() in session close

maciejsszmigiero on Github lxc-bot at linuxcontainers.org
Sat Mar 17 13:16:27 UTC 2018


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 546 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180317/b899c565/attachment.bin>
-------------- next part --------------
From 76a000c2c3f81fba0ab9b674cead83c85e766d0f Mon Sep 17 00:00:00 2001
From: "Maciej S. Szmigiero" <mail at maciej.szmigiero.name>
Date: Sat, 17 Mar 2018 13:35:49 +0100
Subject: [PATCH] pam_cgm: check for NULL pointer returned by pam_get_data() in
 session close

It turns out that PAM can call module pam_sm_close_session() function even
though this module pam_sm_open_session() returned an error.

In this case pam_get_data() in pam_sm_close_session() will return NULL - we
need to check for that.

Signed-off-by: Maciej S. Szmigiero <mail at maciej.szmigiero.name>
---
 pam/pam_cgm.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pam/pam_cgm.c b/pam/pam_cgm.c
index 0ba4f11..01e639c 100644
--- a/pam/pam_cgm.c
+++ b/pam/pam_cgm.c
@@ -843,7 +843,9 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
 	if (ret != PAM_SUCCESS) {
 		mysyslog(LOG_ERR, "cannot get handle data (%d)\n", ret);
 		return ret;
-	} else
+	} else if (hd_ptr == NULL)
+		return PAM_SUCCESS;
+	else
 		hd = (struct handle_data *)hd_ptr;
 
 	if (!hd->session_open) {


More information about the lxc-devel mailing list