In message <xa4lcs4gbif33egxswse52pgxbceff2ouwnjnpvrf33qbzwlg6@pgdqmkx6yt6z>, Shawn Webb writes:
> 
>
> Subject: Re: git: 98f18cd98824 - main - pam_ksu: Move the realm free to end of function
>
> On Mon, Jun 16, 2025 at 06:42:41PM +0000, Cy Schubert wrote:
> > The branch main has been updated by cy:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=98f18cd98824acdf1045e74615f2db0219019f0b
> >
> > commit 98f18cd98824acdf1045e74615f2db0219019f0b
> > Author:     Cy Schubert <c...@freebsd.org>
> > AuthorDate: 2025-06-16 18:40:51 +0000
> > Commit:     Cy Schubert <c...@freebsd.org>
> > CommitDate: 2025-06-16 18:42:30 +0000
> >
> >     pam_ksu: Move the realm free to end of function
> >
> >     This avoids a use after free.
> >
> >     Noted by:       jhb
> > ---
> >  lib/libpam/modules/pam_ksu/pam_ksu.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/lib/libpam/modules/pam_ksu/pam_ksu.c b/lib/libpam/modules/pa=
> m_ksu/pam_ksu.c
> > index a6b3f043d3f4..e50c3e387311 100644
> > --- a/lib/libpam/modules/pam_ksu/pam_ksu.c
> > +++ b/lib/libpam/modules/pam_ksu/pam_ksu.c
> > @@ -85,8 +85,6 @@ krb5_make_principal(krb5_context context, krb5_principa=
> l principal,
> >             if ((rc =3D krb5_get_default_realm(context, &temp_realm)))
> >                     return (rc);
> >             realm=3Dtemp_realm;
> > -           if (temp_realm)
> > -                   free(temp_realm);
> >     }
> >     va_start(ap, realm);
> >     /*
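Review bot: With the early free removed, `realm=temp_realm;` leaves realm aliasing a heap buffer that has to stay live through the krb5_build_principal_va() call in the next hunk, and nothing at this line records that. A one-line comment here saying that temp_realm owns the buffer and is released at the end of the function would keep a later edit from moving the free back above the use.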
> > @@ -99,6 +97,8 @@ krb5_make_principal(krb5_context context, krb5_principa=
> l principal,
> >      */
> >     rc =3D krb5_build_principal_va(context, principal, strlen(realm), realm
> =
> , ap);
> >     va_end(ap);
> > +   if (temp_realm)
> > +           free(temp_realm);
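Review bot: The relocated `if (temp_realm)` check sits outside the block that assigns temp_realm (the one closed by the `}` in the first hunk), so on any path that skips that block it reads temp_realm without it having been written. The declaration is outside the visible context; it needs to be initialized to NULL there, otherwise this test and the free() operate on an indeterminate pointer when the default-realm lookup did not run.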
>
> Hey Cy,
>
> I think the call to free can be made unconditional as it's safe to
> call free on a NULL pointer (which turns into a no-op).

It does but this avoids the overhead of a function call when not needed.


-- 
Cheers,
Cy Schubert <cy.schub...@cschubert.com>
FreeBSD UNIX:  <c...@freebsd.org>   Web:  https://FreeBSD.org
NTP:           <c...@nwtime.org>    Web:  https://nwtime.org

                        e**(i*pi)+1=0


