pam_mount/pam_mount-1.27-fix-sudo-crash.dif

diff --git a/doc/changelog.txt b/doc/changelog.txt
index 5107e9b..bdc37f0 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -2,6 +2,10 @@
 For details, see the history as recorded in the git repository.
 
 
+Fixes:
+- pam_mount: avoid crash in sudo by not calling setenv() with NULL
+
+
 v1.27 (July 01 2009)
 ====================
 Changes:
diff --git a/src/pam_mount.c b/src/pam_mount.c
index 87262bd..73da556 100644
--- a/src/pam_mount.c
+++ b/src/pam_mount.c
@@ -451,7 +451,7 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags,
 {
 	struct vol *vol;
 	int ret;
-	unsigned int krb5_set;
+	const char *krb5;
 	char *system_authtok = NULL;
 	const void *tmp;
 	int getval;
@@ -464,11 +464,17 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags,
 	w4rn(PACKAGE_STRING ": entering session stage\n");
 
 	/*
+	 * Environment variables set with setenv() only last while PAM is
+	 * active, i.e. disappear when the shell is started. On the other hand,
+	 * variabled fed to pam_putenv() are only visible once the shell
+	 * started.
+	 */
+	/*
 	 * Get the Kerberos CCNAME so we can make it available to the
 	 * mount command later on.
 	 */
-	krb5_set = getenv("KRB5CCNAME") != NULL;
-	if (setenv("KRB5CCNAME", pam_getenv(pamh, "KRB5CCNAME"), 1) < 0)
+	krb5 = pam_getenv(pamh, "KRB5CCNAME");
+	if (krb5 != NULL && setenv("KRB5CCNAME", krb5, true) < 0)
 		l0g("KRB5CCNAME setenv failed\n");
 
 	/* Store initialized config as PAM data */
@@ -545,7 +551,7 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags,
 		}
 	}
 	memset(system_authtok, 0, strlen(system_authtok));
-	if (krb5_set)
+	if (krb5 != NULL)
 		unsetenv("KRB5CCNAME");
 	modify_pm_count(&Config, Config.user, "1");
 	envpath_restore();
Accepting request 24760 from home:mcalmer:branches:openSUSE:11.2 Copy from home:mcalmer:branches:openSUSE:11.2/pam_mount based on submit request 24760 from user mcalmer OBS-URL: https://build.opensuse.org/request/show/24760 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_mount?expand=0&rev=32 2009-11-20 13:35:27 +00:00			`diff --git a/doc/changelog.txt b/doc/changelog.txt`
			`index 5107e9b..bdc37f0 100644`
			`--- a/doc/changelog.txt`
			`+++ b/doc/changelog.txt`
			`@@ -2,6 +2,10 @@`
			`For details, see the history as recorded in the git repository.`


			`+Fixes:`
			`+- pam_mount: avoid crash in sudo by not calling setenv() with NULL`
			`+`
			`+`
			`v1.27 (July 01 2009)`
			`====================`
			`Changes:`
			`diff --git a/src/pam_mount.c b/src/pam_mount.c`
			`index 87262bd..73da556 100644`
			`--- a/src/pam_mount.c`
			`+++ b/src/pam_mount.c`
			`@@ -451,7 +451,7 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags,`
			`{`
			`struct vol *vol;`
			`int ret;`
			`- unsigned int krb5_set;`
			`+ const char *krb5;`
			`char *system_authtok = NULL;`
			`const void *tmp;`
			`int getval;`
			`@@ -464,11 +464,17 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags,`
			`w4rn(PACKAGE_STRING ": entering session stage\n");`

			`/*`
			`+ * Environment variables set with setenv() only last while PAM is`
			`+ * active, i.e. disappear when the shell is started. On the other hand,`
			`+ * variabled fed to pam_putenv() are only visible once the shell`
			`+ * started.`
			`+ */`
			`+ /*`
			`* Get the Kerberos CCNAME so we can make it available to the`
			`* mount command later on.`
			`*/`
			`- krb5_set = getenv("KRB5CCNAME") != NULL;`
			`- if (setenv("KRB5CCNAME", pam_getenv(pamh, "KRB5CCNAME"), 1) < 0)`
			`+ krb5 = pam_getenv(pamh, "KRB5CCNAME");`
			`+ if (krb5 != NULL && setenv("KRB5CCNAME", krb5, true) < 0)`
			`l0g("KRB5CCNAME setenv failed\n");`

			`/* Store initialized config as PAM data */`
			`@@ -545,7 +551,7 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags,`
			`}`
			`}`
			`memset(system_authtok, 0, strlen(system_authtok));`
			`- if (krb5_set)`
			`+ if (krb5 != NULL)`
			`unsetenv("KRB5CCNAME");`
			`modify_pm_count(&Config, Config.user, "1");`
			`envpath_restore();`