Package: pam-pgsql Severity: normal Tags: patch
pam-pgsql doesn't free memory allocated in mhash_end function. It is not clearly stateed in libmhash documentation, but pointer returned by mhash_end is malloc'ed, and us such must be freed. Also, if malloc fails, pam_pgsql will cause SIGSEGV dereferencing a NULL pointer. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.14.3 Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to pl_PL)
pam_pgsql_leak.patch
Description: Binary data
