[X2Go-Commits] libpam-x2go.git - x2gosession (branch) updated: c1d37b4bf2191349d7836a4ddfd7b851328e9684
X2Go dev team
git-admin at x2go.org
Wed Apr 24 18:47:25 CEST 2013
The branch, x2gosession has been updated
via c1d37b4bf2191349d7836a4ddfd7b851328e9684 (commit)
via c8d25717c4a441e05b1c702288a1b5928e62c288 (commit)
via d9da9b90a2be88825b3219f21b5865872591bbdb (commit)
from b352f976cef3bb3e262bb9b1fa8874db7f9a8378 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
src/pam-freerdp.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
The diff of changes is:
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index b6ec769..02524fb 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -284,7 +284,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
memset(&socket_addr, 0, sizeof(struct sockaddr_un));
socket_addr.sun_family = AF_UNIX;
strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1);
- strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", sizeof(socket_addr.sun_path) - 1);
+ strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
/* We bind the socket before forking so that we ensure that
there isn't a race condition to get to it. Things will block
@@ -313,10 +313,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
buffer_len += strlen(password) + 1; /* Add one for the NULL */
char * buffer = malloc(buffer_len);
+ /* Lock the buffer before writing */
+ mlock(buffer, buffer_len);
snprintf(buffer, buffer_len, "%s %s %s %s", ruser, password, rdomain, rhost);
pid_t pid = fork();
if (pid == 0) {
+ /* Locks to carry over */
+ mlock(buffer, buffer_len);
+
if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
_exit(EXIT_FAILURE);
@@ -351,11 +356,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
} else if (pid < 0) {
retval = PAM_SYSTEM_ERR;
close(socketfd);
- free(buffer);
} else {
session_pid = pid;
}
+ memset(buffer, 0, buffer_len);
+ munlock(buffer, buffer_len);
+ free(buffer);
+
done:
if (username != NULL) { free(username); }
if (password != NULL) { free(password); }
hooks/post-receive
--
libpam-x2go.git (Remote login session via X2Go (PAM module))
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libpam-x2go.git" (Remote login session via X2Go (PAM module)).
More information about the x2go-commits
mailing list