From: Andreas Schneider
Date: Mon, 24 Jun 2024 08:20:51 +0000 (+0200)
Subject: s3:auth: Avoid passing freed pamh pointer to funcitons using it
X-Git-Tag: tdb-1.4.11~277
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=ec7dfedccf6b30c69398b8473b503c7d19b132cf;p=thirdparty%2Fsamba.git

s3:auth: Avoid passing freed pamh pointer to funcitons using it

"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/source3/auth/pampass.c:466: freed_arg: ""pam_end"" frees ""pamh"".
samba-4.20.0rc2/source3/auth/pampass.c:467: pass_freed_arg: Passing freed pointer ""pamh"" as an argument to ""smb_pam_error_handler"".
 465| if( pamh != NULL ) {
 466| pam_error = pam_end(pamh, 0);
 467|-> if(smb_pam_error_handler(pamh, pam_error, ""End Cleanup Failed"", 2) == True) {
 468| DEBUG(4, (""smb_pam_end: PAM: PAM_END OK.\n""));
 469| return True;"

Signed-off-by: Andreas Schneider
Reviewed-by: Noel Power
---

diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 27a5e7434c7..3e764f32f7d 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -464,12 +464,16 @@ static bool smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
 
 if( pamh != NULL ) {
 pam_error = pam_end(pamh, 0);
- if(smb_pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
- DEBUG(4, ("smb_pam_end: PAM: PAM_END OK.\n"));
+ if (pam_error == PAM_SUCCESS) {
+ DBG_NOTICE("PAM: PAM_END OK.\n");
 return True;
 }
+
+ DBG_WARNING("PAM: PAM_END FAILED (%d).\n", pam_error);
+ } else {
+ DBG_INFO("PAM: not initialised\n");
 }
- DEBUG(2,("smb_pam_end: PAM: not initialised\n"));
+
 return False;
 }
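Review bot: Nothing in smb_pam_end records that `pamh` is dead once `pam_end(pamh, 0)` has run, which is the invariant this fix relies on and the one the removed `smb_pam_error_handler(pamh, ...)` call violated. I would add a comment directly above the `pam_end` line, `/* pamh is invalid after pam_end(), whatever it returns: do not pass it to any helper below */`, so a later edit does not reintroduce the use-after-free. The handle is passed by value, so callers keep a stale copy after either return value; they are outside this hunk and worth checking for reuse. Separately, the "not initialised" message moves from `DEBUG(2, ...)` to `DBG_INFO`, which as far as I recall is level 5 in Samba's debug.h, so it will no longer show at the log level where it used to; confirm that is intended. The opening lines of smb_pam_end are outside the hunk.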