[X2Go-Commits] libpam-x2go.git - x2gosession (branch) updated: a17c0a60a2e3f036cf54013f0402c18a5f0768cf

X2Go dev team git-admin at x2go.org
Wed Apr 24 18:47:26 CEST 2013


The branch, x2gosession has been updated
       via  a17c0a60a2e3f036cf54013f0402c18a5f0768cf (commit)
      from  69d299e459312a18dc599269ac014c4d68edc844 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 src/pam-freerdp.c |   71 +++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 50 insertions(+), 21 deletions(-)

The diff of changes is:
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index a090f02..33105d4 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -252,31 +252,55 @@ done:
 static int
 session_socket_handler (struct passwd * pwdent, const char * ruser, const char * rhost, const char * rdomain, const char * password)
 {
+	/* Socket stuff */
+	int socketfd = 0;
+	struct sockaddr_un socket_addr;
+
+	/* Connected user */
+	socklen_t connected_addr_size;
+	int connectfd = 0;
+	struct sockaddr_un connected_addr;
+
+	/* Our buffer */
+	char * buffer = NULL;
+	int buffer_len = 0;
+
+	/* Track write out */
+	int writedata = 0;
+
 	if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
 			setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
+		/* Don't need to clean up yet */
 		return EXIT_FAILURE;
 	}
 
 	/* Build this up as a buffer so we can just write it and see that
 	   very, very clearly */
-	int buffer_len = 0;
 	buffer_len += strlen(ruser) + 1;    /* Add one for the space */
 	buffer_len += strlen(rhost) + 1;    /* Add one for the space */
 	buffer_len += strlen(rdomain) + 1;  /* Add one for the space */
 	buffer_len += strlen(password) + 1; /* Add one for the NULL */
 
-	char * buffer = malloc(buffer_len);
+	if (buffer_len < 5) {
+		/* Don't need to clean up yet */
+		return EXIT_FAILURE;
+	}
+
+	buffer = malloc(buffer_len);
+
+	if (buffer == NULL) {
+		/* Don't need to clean up yet */
+		return EXIT_FAILURE;
+	}
+
 	/* Lock the buffer before writing */
 	mlock(buffer, buffer_len);
 	snprintf(buffer, buffer_len, "%s %s %s %s", ruser, password, rdomain, rhost);
 
 	/* Make our socket and bind it */
-	int socketfd = 0;
-	struct sockaddr_un socket_addr;
-
 	socketfd = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (socketfd < 0) {
-		return EXIT_FAILURE;
+		goto cleanup;
 	}
 
 	memset(&socket_addr, 0, sizeof(struct sockaddr_un));
@@ -288,40 +312,45 @@ session_socket_handler (struct passwd * pwdent, const char * ruser, const char *
 	   there isn't a race condition to get to it.  Things will block
 	   otherwise. */
 	if (bind(socketfd, (struct sockaddr *)&socket_addr, sizeof(struct sockaddr_un)) < 0) {
-		close(socketfd);
-		return EXIT_FAILURE;
+		goto cleanup;
 	}
 
 	/* Set the socket file permissions to be 600 and the user and group
 	   to be the guest user.  NOTE: This won't protect on BSD */
 	if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 ||
 			chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) {
-		close(socketfd);
-		return EXIT_FAILURE;
+		goto cleanup;
 	}
 
 	if (listen(socketfd, 1) < 0) {
-		close(socketfd);
-		return EXIT_FAILURE;
+		goto cleanup;
 	}
 
-	socklen_t connected_addr_size;
-	int connectfd;
-	struct sockaddr_un connected_addr;
-
 	connected_addr_size = sizeof(struct sockaddr_un);
 	connectfd = accept(socketfd, (struct sockaddr *)&connected_addr, &connected_addr_size);
 	if (connectfd < 0) {
-		close(socketfd);
-		return EXIT_FAILURE;
+		goto cleanup;
 	}
 
-	int writedata;
 	writedata = write(connectfd, buffer, buffer_len);
 
-	close(socketfd);
-	close(connectfd);
+cleanup:
+	if (socketfd != 0) {
+		close(socketfd);
+	}
+	if (connectfd != 0) {
+		close(connectfd);
+	}
+
+	if (buffer != NULL) {
+		memset(buffer, 0, buffer_len);
+		munlock(buffer, buffer_len);
+		free(buffer);
+		buffer = NULL;
+	}
 
+	/* This should be only true on the write, so we can use this to check
+	   out as writedata is init to 0 */
 	if (writedata == buffer_len) {
 		return 0;
 	}


hooks/post-receive
-- 
libpam-x2go.git (Remote login session via X2Go (PAM module))

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libpam-x2go.git" (Remote login session via X2Go (PAM module)).




More information about the x2go-commits mailing list