From a330324ee6a4ea148b56c7bd8c2cecadb3230968 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 6 Apr 2012 21:45:16 +0200
Subject: pam_sss: improve error handling in SELinux code

---
 src/sss_client/pam_sss.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'src/sss_client')

diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 4fe4613aa..8778fe19e 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -1198,6 +1198,7 @@ static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
 
             oldmask = umask(022);
             fd = mkstemp(tmp_path);
+            umask(oldmask);
             if (fd < 0) {
                 logger(pamh, LOG_ERR, "creating the temp file for SELinux "
                        "data failed. %s", tmp_path);
@@ -1223,9 +1224,6 @@ static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
             close(fd);
 
             rename(tmp_path, path);
-            free(path);
-            free(tmp_path);
-            umask(oldmask);
 #endif /* HAVE_SELINUX */
             break;
         case SSS_PAM_SETCRED:
@@ -1242,6 +1240,10 @@ done:
         free(buf);
     }
     free(repbuf);
+#ifdef HAVE_SELINUX
+    free(path);
+    free(tmp_path);
+#endif /* HAVE_SELINUX */
 
     return pam_status;
 }
-- 
cgit