Bug 24235

Summary: polkit-agent-helper may call pam_end with a stale pam handle
Product: PolicyKit
Reporter: Andreas Sandberg <andreas>
Component: libpolkit
Assignee: David Zeuthen (not reading bugmail) <zeuthen>
Status: RESOLVED FIXED
QA Contact: David Zeuthen (not reading bugmail) <zeuthen>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
Attachments: Patch that sets pam_h to null after calling pam_end

Description Andreas Sandberg 2009-09-30 15:13:37 UTC
Created attachment 29960
Patch that sets pam_h to null after calling pam_end

polkit-agent-helper calls pam_end on pam_h without setting pam_h to NULL. This causes the error handler to call pam_end on the stale handler if the send_dbus_message procedure fails, which in turn generates a SIGSEGV.

Comment 1 David Zeuthen (not reading bugmail) 2009-10-21 10:14:16 UTC
(In reply to comment #0)
> Created an attachment (id=29960)
> Patch that sets pam_h to null after calling pam_end
> 
> polkit-agent-helper calls pam_end on pam_h without setting pam_h to NULL. This
> causes the error handler to call pam_end on the stale handler if the
> send_dbus_message procedure fails, which in turn generates a SIGSEGV.
> 

Committed as f5e0b55. Thanks.
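
The failure pattern from this report, as an added example that is not the polkit source or the attached patch. A stand-in handle type replaces libpam so the second end call is counted rather than crashing; `fake_handle`, `fake_start`, `fake_end` and `run_helper` are hypothetical names, and the non-NULL check in the error path is an assumed shape inferred from the fix.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for a PAM handle (hypothetical, not libpam). Storage stays
 * allocated until the end of run_helper so a second "end" can be
 * counted; with the real pam_end() the handle's memory is released. */
typedef struct { int live; } fake_handle;

static int stale_end_calls; /* ends issued on an already-ended handle */

static fake_handle *fake_start(void) {
    fake_handle *h = calloc(1, sizeof *h);
    if (h) h->live = 1;
    return h;
}

static void fake_end(fake_handle *h) {
    if (!h->live) { stale_end_calls++; return; }
    h->live = 0;
}

/* Flow described in the report: end the handle, then send the result;
 * on send failure the error path ends the handle again if the pointer
 * is non-NULL (assumed shape). Returns the number of stale end calls. */
static int run_helper(int null_after_end, int send_fails) {
    fake_handle *pam_h = fake_start();
    fake_handle *storage = pam_h; /* mock bookkeeping only */
    if (!pam_h) return -1;
    stale_end_calls = 0;

    fake_end(pam_h);
    if (null_after_end)
        pam_h = NULL;            /* the fix: drop the pointer once ended */

    if (send_fails && pam_h != NULL) /* error path after a failed send */
        fake_end(pam_h);         /* stale handle: second end */

    free(storage);
    return stale_end_calls;
}

int main(void) {
    printf("no NULL, send fails: %d stale end(s)\n", run_helper(0, 1));
    printf("NULL set, send fails: %d stale end(s)\n", run_helper(1, 1));
    printf("no NULL, send ok:    %d stale end(s)\n", run_helper(0, 0));
    return 0;
}
```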
