From db5a6daa7f6fe92cdb70e53aec2f3717b6892b2a Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Tue, 22 Jan 2019 17:00:14 +0100
Subject: login: close PAM session on errors as well, not only on success

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 loginutils/login.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/loginutils/login.c b/loginutils/login.c
index 25bb5203b..4df651cc6 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -245,7 +245,9 @@ static void login_pam_end(pam_handle_t *pamh)
 			pam_strerror(pamh, pamret), pamret);
 	}
 }
-#endif /* ENABLE_PAM */
+#else
+# define login_pam_end(pamh) ((void)0)
+#endif
 
 static void get_username_or_die(char *buf, int size_buf)
 {
@@ -471,6 +473,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
 		 * to know _why_ login failed */
 		syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
 					pam_strerror(pamh, pamret), pamret);
+		login_pam_end(pamh);
 		safe_strncpy(username, "UNKNOWN", sizeof(username));
 #else /* not PAM */
 		pw = getpwnam(username);
@@ -528,8 +531,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
 		if (child_pid < 0)
 			bb_perror_msg("vfork");
 		else {
-			if (safe_waitpid(child_pid, NULL, 0) == -1)
-				bb_perror_msg("waitpid");
+			wait_for_exitstatus(child_pid);
 			update_utmp_DEAD_PROCESS(child_pid);
 		}
 		IF_PAM(login_pam_end(pamh);)
-- 
cgit v1.2.3