From fa74250cd379ab8564a6f4b8e6e254893de057c2 Mon Sep 17 00:00:00 2001 From: Richard Yao Date: Wed, 5 Oct 2022 20:09:24 -0400 Subject: [PATCH] PAM: Fix unchecked return value from zfs_key_config_load() 9a49c6b782443ba6e627f2261c45f082ad843094 was intended to fix this issue, but I had missed the case in pam_sm_open_session(). Clang's static analyzer had not reported it and I forgot to look for other cases. Interestingly, GCC gcc-12.1.1_p20220625's static analyzer had caught this as multiple double-free bugs, since another failure after the failure in zfs_key_config_load() will cause us to attempt to free the memory that zfs_key_config_load() was supposed to allocate, but had cleaned up upon failure. Reviewed-by: Brian Behlendorf Signed-off-by: Richard Yao Closes #13978 --- contrib/pam_zfs_key/pam_zfs_key.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/pam_zfs_key/pam_zfs_key.c b/contrib/pam_zfs_key/pam_zfs_key.c index 4b89091cd..0db119382 100644 --- a/contrib/pam_zfs_key/pam_zfs_key.c +++ b/contrib/pam_zfs_key/pam_zfs_key.c @@ -714,7 +714,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, return (PAM_SUCCESS); } zfs_key_config_t config; - zfs_key_config_load(pamh, &config, argc, argv); + if (zfs_key_config_load(pamh, &config, argc, argv) != 0) { + return (PAM_SESSION_ERR); + } + if (config.uid < 1000) { zfs_key_config_free(&config); return (PAM_SUCCESS);