git: 98f18cd98824 - main - pam_ksu: Move the realm free to end of function
Date: Mon, 16 Jun 2025 18:42:41 UTC
The branch main has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=98f18cd98824acdf1045e74615f2db0219019f0b
commit 98f18cd98824acdf1045e74615f2db0219019f0b
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2025-06-16 18:40:51 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2025-06-16 18:42:30 +0000
pam_ksu: Move the realm free to end of function
This avoids a use after free.
Noted by: jhb
---
lib/libpam/modules/pam_ksu/pam_ksu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/libpam/modules/pam_ksu/pam_ksu.c b/lib/libpam/modules/pam_ksu/pam_ksu.c
index a6b3f043d3f4..e50c3e387311 100644
--- a/lib/libpam/modules/pam_ksu/pam_ksu.c
+++ b/lib/libpam/modules/pam_ksu/pam_ksu.c
@@ -85,8 +85,6 @@ krb5_make_principal(krb5_context context, krb5_principal principal,
if ((rc = krb5_get_default_realm(context, &temp_realm)))
return (rc);
realm=temp_realm;
- if (temp_realm)
- free(temp_realm);
}
va_start(ap, realm);
/*
@@ -99,6 +97,8 @@ krb5_make_principal(krb5_context context, krb5_principal principal,
*/
rc = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
va_end(ap);
+ if (temp_realm)
+ free(temp_realm);
return (rc);
}
#endif