Re: git: 98f18cd98824 - main - pam_ksu: Move the realm free to end of function

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Mon, 16 Jun 2025 18:52:49 UTC
In message <xa4lcs4gbif33egxswse52pgxbceff2ouwnjnpvrf33qbzwlg6@pgdqmkx6yt6z>, Shawn Webb writes:
> On Mon, Jun 16, 2025 at 06:42:41PM +0000, Cy Schubert wrote:
> > The branch main has been updated by cy:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=98f18cd98824acdf1045e74615f2db0219019f0b
> >
> > commit 98f18cd98824acdf1045e74615f2db0219019f0b
> > Author:     Cy Schubert <cy@FreeBSD.org>
> > AuthorDate: 2025-06-16 18:40:51 +0000
> > Commit:     Cy Schubert <cy@FreeBSD.org>
> > CommitDate: 2025-06-16 18:42:30 +0000
> >
> >     pam_ksu: Move the realm free to end of function
> >
> >     This avoids a use after free.
> >
> >     Noted by:       jhb
> > ---
> >  lib/libpam/modules/pam_ksu/pam_ksu.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/lib/libpam/modules/pam_ksu/pam_ksu.c b/lib/libpam/modules/pa=
> m_ksu/pam_ksu.c
> > index a6b3f043d3f4..e50c3e387311 100644
> > --- a/lib/libpam/modules/pam_ksu/pam_ksu.c
> > +++ b/lib/libpam/modules/pam_ksu/pam_ksu.c
> > @@ -85,8 +85,6 @@ krb5_make_principal(krb5_context context, krb5_principa=
> l principal,
> >  		if ((rc =3D krb5_get_default_realm(context, &temp_realm)))
> >  			return (rc);
> >  		realm=3Dtemp_realm;
> > -		if (temp_realm)
> > -			free(temp_realm);
> >  	}
> >  	va_start(ap, realm);
> >  	/*
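Review bot: after the `realm=temp_realm;` assignment in this hunk, `realm` aliases the buffer returned by krb5_get_default_realm(), and with the free removed nothing at this site records who owns that buffer or when it is released. A one-line comment here saying that temp_realm must stay allocated until krb5_build_principal_va() has consumed `realm` would keep a later cleanup from moving the free back up and reintroducing the use after free.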
> > @@ -99,6 +97,8 @@ krb5_make_principal(krb5_context context, krb5_principa=
> l principal,
> >  	 */
> >  	rc =3D krb5_build_principal_va(context, principal, strlen(realm), realm
> =
> , ap);
> >  	va_end(ap);
> > +	if (temp_realm)
> > +		free(temp_realm);
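Review bot: the added `if (temp_realm)` after va_end(ap) runs on every path through the function, including the one where the default-realm branch above was never entered, so it is only correct if temp_realm is initialised to NULL at its declaration. That declaration is outside the lines shown in either hunk; it is worth confirming before relying on this check, since an uninitialised pointer here would be passed to free().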
>
> Hey Cy,
>
> I think the call to free can be made unconditional as it's safe to
> call free on a NULL pointer (which turns into a no-op).

It does but this avoids the overhead of a function call when not needed.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e**(i*pi)+1=0