From dcfeacd617091686fc8abc6d12f2ff301798b6e7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 8 Nov 2022 16:16:07 -0800
Subject: [PATCH 1/2] nsswitch: Fix pam_set_data()/pam_get_data() to use
 pointers to a time_t, not try and embedd it directly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Nov 16 15:09:45 UTC 2022 on sn-devel-184

(cherry picked from commit 7cb50405515298b75dcc512633fb3877045aabc6)
---
 nsswitch/pam_winbind.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index e7ae605b341..02a8aa8df98 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -3226,7 +3226,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 	 */
 
 	if (flags & PAM_PRELIM_CHECK) {
-		time_t pwdlastset_prelim = 0;
+		time_t *pwdlastset_prelim = NULL;
+
+		pwdlastset_prelim = talloc_array(NULL, time_t, 1);
+		if (pwdlastset_prelim == NULL) {
+			_pam_log(ctx, LOG_CRIT,
+				 "password - out of memory");
+			ret = PAM_BUF_ERR;
+			goto out;
+		}
 
 		/* instruct user what is happening */
 
@@ -3258,7 +3266,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 		ret = winbind_auth_request(ctx, user, pass_old,
 					   NULL, NULL, 0,
 					   &error, NULL,
-					   &pwdlastset_prelim, NULL);
+					   pwdlastset_prelim, NULL);
 
 		if (ret != PAM_ACCT_EXPIRED &&
 		    ret != PAM_AUTHTOK_EXPIRED &&
@@ -3269,7 +3277,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 		}
 
 		pam_set_data(pamh, PAM_WINBIND_PWD_LAST_SET,
-			     (void *)pwdlastset_prelim, NULL);
+			     pwdlastset_prelim,
+			     _pam_winbind_cleanup_func);
 
 		ret = pam_set_item(pamh, PAM_OLDAUTHTOK,
 				   (const void *) pass_old);
@@ -3280,7 +3289,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 		}
 	} else if (flags & PAM_UPDATE_AUTHTOK) {
 
-		time_t pwdlastset_update = 0;
+		time_t *pwdlastset_update = NULL;
 
 		/*
 		 * obtain the proposed password
@@ -3343,8 +3352,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 		 * By reaching here we have approved the passwords and must now
 		 * rebuild the password database file.
 		 */
-		pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET,
-			     (const void **) &pwdlastset_update);
+		pam_get_data(pamh,
+			     PAM_WINBIND_PWD_LAST_SET,
+			     (const void **)&pwdlastset_update);
 
 		/*
 		 * if cached creds were enabled, make sure to set the
@@ -3356,7 +3366,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 		}
 
 		ret = winbind_chauthtok_request(ctx, user, pass_old,
-						pass_new, pwdlastset_update);
+						pass_new, *pwdlastset_update);
 		if (ret != PAM_SUCCESS) {
 			pass_old = pass_new = NULL;
 			goto out;
-- 
2.34.1


From df3ef67af55a3985160eb25558683055f80f7a75 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power@suse.com>
Date: Wed, 16 Nov 2022 15:37:52 +0000
Subject: [PATCH 2/2] nsswitch: Fix uninitialized memory when allocating
 pwdlastset_prelim

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 16 19:29:21 UTC 2022 on sn-devel-184

(cherry picked from commit f6284877ce07fc5ddf4f4e2d824013b645d6e12c)
---
 nsswitch/pam_winbind.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 02a8aa8df98..06a8db21b69 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -3228,7 +3228,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 	if (flags & PAM_PRELIM_CHECK) {
 		time_t *pwdlastset_prelim = NULL;
 
-		pwdlastset_prelim = talloc_array(NULL, time_t, 1);
+		pwdlastset_prelim = talloc_zero(NULL, time_t);
 		if (pwdlastset_prelim == NULL) {
 			_pam_log(ctx, LOG_CRIT,
 				 "password - out of memory");
-- 
2.34.1