[PATCH] auth-pam: don't leak PAM env strings after pam_putenv()
Theo de Raadt
deraadt at openbsd.org
Tue May 19 00:10:05 AEST 2026
There are 3 completely separate PAM libraries:
Solaris, Linux, and FreeBSD.
You have only checked one of them.
https://docs.oracle.com/cd/E36784_01/html/E36878/pam-putenv-3pam.html
The pam_putenv() function sets the value of the PAM environment
variable name equal to value either by altering an existing PAM
variable or by creating a new one.
One of them documenting this behaviour, and another saying something
different, kind of matters, because memory leaks are less dangerous
than use-after-free bugs, which is what your proposal would introduce
if either of the other two PAM libraries follow a different lifetime
rule.