Potential PAM-related memory leak in systemd-executor

[mrc0mmand]

Throughout today I saw two occurrences of a string of PAM-related memory leaks in systemd-executor (#32483 and #32441), in both cases they were hit by dfuzzer:

(sh)[1334]: Direct leak of 384 byte(s) in 1 object(s) allocated from:
(sh)[1334]:     #0 0x712022f5bcf1 in calloc (/usr/lib/clang/17/lib/linux/libclang_rt.asan-x86_64.so+0x15bcf1) (BuildId: beb0a35f2d0823fd6420f355da05e49e71d737f5)
(sh)[1334]:     #1 0x712023a0662b  (/usr/lib/libpam.so.0+0x762b) (BuildId: de2d275cb2a197c9435d80f888b8b56829fc0ec3)
(sh)[1334]:     #2 0x5b1b37cbab9f in setup_pam /systemd-meson-build/../build/src/core/exec-invoke.c:1126:20
(sh)[1334]:     #3 0x5b1b37c85ffb in exec_invoke /systemd-meson-build/../build/src/core/exec-invoke.c:4687:21
(sh)[1334]:     #4 0x5b1b37c7064d in run /systemd-meson-build/../build/src/core/executor.c:236:13
(sh)[1334]:     #5 0x5b1b37c7064d in main /systemd-meson-build/../build/src/core/executor.c:267:13
(sh)[1334]:     #6 0x712020c43ccf  (/usr/lib/libc.so.6+0x25ccf) (BuildId: 6542915cee3354fbcf2b3ac5542201faec43b5c9)

Full report: https://gist.githubusercontent.com/mrc0mmand/07fd8ec0e6651f3f0f18bfaa1c984f03/raw/10fa41c289a879b5990d5038c0f16909bc6b74e9/gistfile1.txt

Logs from affected jobs:

• https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-vagrant-archlinux-sanitizers/13327/artifact//systemd-centos-ci/index.html
• https://jenkins-systemd.apps.ocp.cloud.ci.centos.org/job/upstream-vagrant-archlinux-sanitizers/13265/artifact//systemd-centos-ci/index.html

I guess #32441 is the culprit, as it was the first one to hit this and also touches systemd-executor stuff.

[dtardon]

@ldv-alt Any idea?

[keszybz]

I looked at #32441 and it doesn't seem to do any allocations that could be leaked. Based on the call stack, this seems to be an issue in PAM.

[ldv-alt]

Since the parent process is intentionally not calling pam_end, the pam handle and all memory it references are leaked.