libopenbsd/closefrom: correctly handle snprintf truncation

[opendoas.git] / pam.c

diff --git a/pam.c b/pam.c
index 7842c9aff95bfc6269405a826b0b2ac41da7b9da..3e8fab5946020f9604dc5e218321ce369a67bb75 100644 (file)
--- a/pam.c
+++ b/pam.c
@@ -130,17 +130,17 @@ fail:
 void
 pamcleanup(int ret)
 {
-       if (session_opened)
+       if (session_opened != 0) {
                ret = pam_close_session(pamh, 0);
                if (ret != PAM_SUCCESS)
                        errx(1, "pam_close_session: %s", pam_strerror(pamh, ret));
-
-       if (cred_established)
+       }
+       if (cred_established != 0) {
                ret = pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
                if (ret != PAM_SUCCESS)
                        warn("pam_setcred(?, PAM_DELETE_CRED | PAM_SILENT): %s",
                            pam_strerror(pamh, ret));
-
+       }
        pam_end(pamh, ret);
 }
 
@@ -149,7 +149,7 @@ watchsession(pid_t child)
 {
        sigset_t sigs;
        struct sigaction act, oldact;
-       int status;
+       int status = 1;
 
        /* block signals */
        sigfillset(&sigs);
@@ -191,7 +191,7 @@ watchsession(pid_t child)
                status = 1;
 
 close:
-       if (caught_signal) {
+       if (caught_signal && child != (pid_t)-1) {
                fprintf(stderr, "\nSession terminated, killing shell\n");
                kill(child, SIGTERM);
        }
@@ -199,10 +199,12 @@ close:
        pamcleanup(PAM_SUCCESS);
 
        if (caught_signal) {
-               /* kill child */
-               sleep(2);
-               kill(child, SIGKILL);
-               fprintf(stderr, " ...killed.\n");
+               if (child != (pid_t)-1) {
+                       /* kill child */
+                       sleep(2);
+                       kill(child, SIGKILL);
+                       fprintf(stderr, " ...killed.\n");
+               }
 
                /* unblock cached signal and resend */
                sigaction(SIGTERM, &oldact, NULL);