9a49c6b782443ba6e627f2261c45f082ad843094 was intended to fix this issue,
but I had missed the case in pam_sm_open_session(). Clang's static
analyzer had not reported it and I forgot to look for other cases.
Interestingly, GCC gcc-12.1.1_p20220625's static analyzer had caught
this as multiple double-free bugs, since another failure after the
failure in zfs_key_config_load() will cause us to attempt to free the
memory that zfs_key_config_load() was supposed to allocate, but had
cleaned up upon failure.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13978
return (PAM_SUCCESS);
}
zfs_key_config_t config;
- zfs_key_config_load(pamh, &config, argc, argv);
+ if (zfs_key_config_load(pamh, &config, argc, argv) != 0) {
+ return (PAM_SESSION_ERR);
+ }
+
if (config.uid < 1000) {
zfs_key_config_free(&config);
return (PAM_SUCCESS);