[X2Go-Commits] libpam-x2go.git - x2gosession (branch) updated: c1d37b4bf2191349d7836a4ddfd7b851328e9684

[X2Go dev team]

The branch, x2gosession has been updated
       via  c1d37b4bf2191349d7836a4ddfd7b851328e9684 (commit)
       via  c8d25717c4a441e05b1c702288a1b5928e62c288 (commit)
       via  d9da9b90a2be88825b3219f21b5865872591bbdb (commit)
      from  b352f976cef3bb3e262bb9b1fa8874db7f9a8378 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 src/pam-freerdp.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

The diff of changes is:
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index b6ec769..02524fb 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -284,7 +284,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
 	memset(&socket_addr, 0, sizeof(struct sockaddr_un));
 	socket_addr.sun_family = AF_UNIX;
 	strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1);
-	strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", sizeof(socket_addr.sun_path) - 1);
+	strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
 
 	/* We bind the socket before forking so that we ensure that
 	   there isn't a race condition to get to it.  Things will block
@@ -313,10 +313,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
 	buffer_len += strlen(password) + 1; /* Add one for the NULL */
 
 	char * buffer = malloc(buffer_len);
+	/* Lock the buffer before writing */
+	mlock(buffer, buffer_len);
 	snprintf(buffer, buffer_len, "%s %s %s %s", ruser, password, rdomain, rhost);
 
 	pid_t pid = fork();
 	if (pid == 0) {
+		/* Locks to carry over */
+		mlock(buffer, buffer_len);
+
 		if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
 				setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
 			_exit(EXIT_FAILURE);
@@ -351,11 +356,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
 	} else if (pid < 0) {
 		retval = PAM_SYSTEM_ERR;
 		close(socketfd);
-		free(buffer);
 	} else {
 		session_pid = pid;
 	}
 
+	memset(buffer, 0, buffer_len);
+	munlock(buffer, buffer_len);
+	free(buffer);
+
 done:
 	if (username != NULL) { free(username); }
 	if (password != NULL) { free(password); }


hooks/post-receive
-- 
libpam-x2go.git (Remote login session via X2Go (PAM module))

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libpam-x2go.git" (Remote login session via X2Go (PAM module)).