From 6a5e978085cc721bb09796ab44d77c3142b5f78b Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan@karger.me>
Date: Wed, 21 Oct 2015 00:38:26 +0200
Subject: [PATCH] Fix memory leak in auth-pam plugin

As it says on the tin.  aresp would not be free'd nor returned by
my_conv() on errors.  Note that we never reach this code if allocation
of aresp failed.

Found with the Clang static analyzer.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <1445380706-20864-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10338
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit cfc13b38bc6504b9768e4cc43311807d6b074672)
---
 src/plugins/auth-pam/auth-pam.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
index bd7179271..95692ab22 100644
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -642,6 +642,9 @@ my_conv (int n, const struct pam_message **msg_array,
 
   if (ret == PAM_SUCCESS)
     *response_array = aresp;
+  else
+    free(aresp);
+
   return ret;
 }
 
-- 
2.47.2