Description Florian Best 2020-11-09 15:44:01 CET

It seems python-pam leaks some strings and the conversation function:

objgraph.get_leaking_objects() returns:

[('SAML message: ', 1)]
→ This is the list of PAM prompts

<function <lambda> at 0x7efee8416050>
→ This is the conversation function we set to not leak the real conversation function:
276 »   »   self.pam.set_item(PAM_CONV, lambda a, b, c: None)  # free self.conversation leaking

Patch: The first hunk fixes the leaking message.
The second hunk fixes the leaking conversation function. Not sure if this hunk is correct/the best solution we can have. I find no better place.

diff --git PAMmodule.c PAMmodule.c
index 65a2797..8e872ee 100644
--- PAMmodule.c
+++ PAMmodule.c
@@ -61,6 +61,7 @@ static int PyPAM_conv(int num_msg, const struct pam_message **msg,
     
     args = Py_BuildValue("(OOO)", self, msgList, self->userData);
     respList = PyEval_CallObject(self->callback, args);
+    Py_DECREF(msgList);
     Py_DECREF(args);
     Py_DECREF(self);
     
@@ -486,6 +487,7 @@ static void PyPAM_dealloc(PyPAMObject *self)
     free(self->service);
     free(self->user);
     free(self->conv);
+    Py_XDECREF(self->callback);
     pam_end(self->pamh, PAM_SUCCESS);
     PyObject_FREE(self);
 }