Red Hat Bugzilla – Bug 119940
Pam loses resources
Last modified: 2007-11-30 17:10:39 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Description of problem:
The pam modules leak memory and file descriptors. Mostly during error
conditions, but in at least 1 module, pam_succeed_if, memory is lost
on every write to syslog. The sha1 portion of pam_timestamp was also
incorrectly erasing memory.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
This problem was found by code review after noticing all kinds of
memory leaks with valgrind while playing with sshd.
I have a patch that I will create as an attachment. Please look at it
and consider applying all or some of it before fedora core 2 final is
released. I feel there are some security implications with this
package in its current state. Either by consuming too much memory and
killing the daemon or leaving file decriptors to potentially sensitive
Created attachment 99091 [details]
Patch that closes all pam resource leaks that I can find
Please consider applying this patch !!!
Created attachment 99911 [details]
The new patch corrects more problems than the original.
Created attachment 100084 [details]
The patch was updated based on feedback from Dmitry Levin.
Created attachment 100514 [details]
The patch is now sync'ed against pam-0.77-40.