diff --git a/ChangeLog b/ChangeLog index 0bfeeddeb..b444df906 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ - (bal) [configure.ac] Missing ;; from cray patch. - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines into it's own header. + - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be + freed by the caller; add free_pam_environment() and use it. 20020721 - (stevesk) [auth-pam.c] merge cosmetic changes from solar's @@ -1417,4 +1419,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2391 2002/07/23 00:03:33 mouring Exp $ +$Id: ChangeLog,v 1.2392 2002/07/23 00:44:07 stevesk Exp $ diff --git a/auth-pam.c b/auth-pam.c index 79af58a0b..8e1498296 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -38,7 +38,7 @@ extern char *__progname; extern int use_privsep; -RCSID("$Id: auth-pam.c,v 1.51 2002/07/21 23:59:39 stevesk Exp $"); +RCSID("$Id: auth-pam.c,v 1.52 2002/07/23 00:44:07 stevesk Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now." @@ -421,6 +421,16 @@ char **fetch_pam_environment(void) #endif /* HAVE_PAM_GETENVLIST */ } +void free_pam_environment(char **env) +{ + int i; + + if (env != NULL) { + for (i = 0; env[i] != NULL; i++) + xfree(env[i]); + } +} + /* Print any messages that have been generated during authentication */ /* or account checking to stderr */ void print_pam_messages(void) diff --git a/auth-pam.h b/auth-pam.h index 215e75282..7881b6b80 100644 --- a/auth-pam.h +++ b/auth-pam.h @@ -1,4 +1,4 @@ -/* $Id: auth-pam.h,v 1.15 2002/07/21 23:59:39 stevesk Exp $ */ +/* $Id: auth-pam.h,v 1.16 2002/07/23 00:44:07 stevesk Exp $ */ /* * Copyright (c) 2000 Damien Miller. All rights reserved. @@ -35,6 +35,7 @@ void start_pam(const char *user); void finish_pam(void); int auth_pam_password(Authctxt *authctxt, const char *password); char **fetch_pam_environment(void); +void free_pam_environment(char **env); int do_pam_authenticate(int flags); int do_pam_account(char *username, char *remote_user); void do_pam_session(char *username, const char *ttyname); diff --git a/session.c b/session.c index 5fb1ace00..3c759e472 100644 --- a/session.c +++ b/session.c @@ -1042,8 +1042,17 @@ do_setup_env(Session *s, const char *shell) s->authctxt->krb5_ticket_file); #endif #ifdef USE_PAM - /* Pull in any environment variables that may have been set by PAM. */ - copy_environment(fetch_pam_environment(), &env, &envsize); + /* + * Pull in any environment variables that may have + * been set by PAM. + */ + { + char **p; + + p = fetch_pam_environment(); + copy_environment(p, &env, &envsize); + free_pam_environment(p); + } #endif /* USE_PAM */ if (auth_sock_name != NULL)