Bug 119940

Summary: Pam loses resources
Product: [Fedora] Fedora Reporter: Steve Grubb <linux_4ever>
Component: pamAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-07-27 20:54:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch that closes all pam resource leaks that I can find
none
Revised patch
none
Revised patch
none
Updated patch none

Description Steve Grubb 2004-04-03 19:54:43 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Gecko/20040308

Description of problem:
The pam modules leak memory and file descriptors. Mostly during error
conditions, but in at least 1 module, pam_succeed_if, memory is lost
on every write to syslog. The sha1 portion of pam_timestamp was also
incorrectly erasing memory.

Version-Release number of selected component (if applicable):
pam-0.77-36

How reproducible:
Always

Steps to Reproduce:
This problem was found by code review after noticing all kinds of
memory leaks with valgrind while playing with sshd.

Additional info:

I have a patch that I will create as an attachment. Please look at it
and consider applying all or some of it before fedora core 2 final is
released. I feel there are some security implications with this
package in its current state. Either by consuming too much memory and
killing the daemon or leaving file decriptors to potentially sensitive
information open.
Comment 1 Steve Grubb 2004-04-03 19:57:21 UTC 
Created attachment 99091 [details]
Patch that closes all pam resource leaks that I can find

Please consider applying this patch !!!
Comment 2 Steve Grubb 2004-05-03 15:04:39 UTC 
Created attachment 99911 [details]
Revised patch

The new patch corrects more problems than the original.
Comment 3 Steve Grubb 2004-05-07 16:57:18 UTC 
Created attachment 100084 [details]
Revised patch

The patch was updated based on feedback from Dmitry Levin.
Comment 4 Steve Grubb 2004-05-24 18:04:23 UTC 
Created attachment 100514 [details]
Updated patch

The patch is now sync'ed against pam-0.77-40.
Comment 5 Alan Cox 2004-07-27 20:54:28 UTC 
Done