From bd0f04b76ca25a37c789ba51085060a8098df965 Mon Sep 17 00:00:00 2001
From: "survolog (Andrey Grigorev)"
Date: Wed, 17 Jul 2024 09:02:22 +0300
Subject: [PATCH] Svace fix
---
pam-1.5.1-svace-confirmed-fixes.patch | 42 +++++++++++++++++++++++++++
pam.spec | 4 ++-
2 files changed, 45 insertions(+), 1 deletion(-)
create mode 100644 pam-1.5.1-svace-confirmed-fixes.patch
diff --git a/pam-1.5.1-svace-confirmed-fixes.patch b/pam-1.5.1-svace-confirmed-fixes.patch
new file mode 100644
index 0000000..fab2b23
--- /dev/null
+++ b/pam-1.5.1-svace-confirmed-fixes.patch
@@ -0,0 +1,42 @@
+From d91212a8d4f2573567ecd93bc52a0d623329f620 Mon Sep 17 00:00:00 2001
+From: HisShadow
+Date: Tue, 16 Jul 2024 08:57:22 +0000
+Subject: [PATCH] svace confirmed fixes
+
+---
+ modules/pam_console/handlers.c | 1 +
+ modules/pam_console/pam_console.c | 5 ++++-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/modules/pam_console/handlers.c b/modules/pam_console/handlers.c
+index ec097c6..b122c98 100644
+--- a/modules/pam_console/handlers.c
++++ b/modules/pam_console/handlers.c
+@@ -144,6 +144,7 @@ console_parse_handlers (pam_handle_t *pamh, const char *handlers_name) {
+ return PAM_SUCCESS;
+
+ fail_exit:
++ forget = fclose(fh);
+ console_free_handlers(first_handler);
+ return rv;
+ }
+diff --git a/modules/pam_console/pam_console.c b/modules/pam_console/pam_console.c
+index 11a8205..104bed5 100644
+--- a/modules/pam_console/pam_console.c
++++ b/modules/pam_console/pam_console.c
+@@ -152,8 +152,11 @@ try_xsocket(const char *path, size_t len) {
+ memset(&addr, 0, sizeof(addr));
+ addr.su.sun_family = AF_UNIX;
+
+- if (len > sizeof(addr.su.sun_path))
++ if (len > sizeof(addr.su.sun_path)) {
++ close(fd);
+ return 0;
++ }
++
+ memcpy(addr.su.sun_path, path, len);
+ if (connect(fd, &addr.sa, sizeof(addr.su) - (sizeof(addr.su.sun_path) - len)) == 0) {
+ close(fd);
+--
+2.45.2
+
diff --git a/pam.spec b/pam.spec
index 714c3e1..b42a0a2 100644
--- a/pam.spec
+++ b/pam.spec
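Review bot: The added `forget = fclose(fh);` under `fail_exit:` in modules/pam_console/handlers.c is only safe if every `goto fail_exit` in console_parse_handlers is reached with `fh` successfully opened and not yet closed; the function body starts outside the hunk, so this cannot be confirmed from the patch. If any jump can occur before the open succeeds or after the success-path close, the label turns a leak into fclose(NULL) or a double close, in a module that is typically loaded into privileged login services. A guarded form such as `if (fh != NULL) forget = fclose(fh);`, with `fh` initialised to NULL and reset after the normal close, would make the label safe from any jump site. The embedded patch also carries no description beyond "svace confirmed fixes"; one line naming the two findings (FILE* leaked on parse failure, socket fd leaked on the over-long path branch of try_xsocket) would help whoever rebases it.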
@@ -15,7 +15,7 @@ Summary: A security tool which provides authentication for applications Name: pam Version: 1.5.1 -Release: 6 +Release: 7 Epoch: 1 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, @@ -40,6 +40,8 @@ Source16: smartcard-auth.pamd Source501: pam_tty_audit.8 Source502: README +Patch0: pam-1.5.1-svace-confirmed-fixes.patch + # RedHat patches Patch1: https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.5.0-redhat-modules.patch Patch9: https://src.fedoraproject.org/rpms/pam/raw/master/f/pam-1.5.0-noflex.patch
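Review bot: `Patch0:` is declared in the second hunk, but the `%prep` section lies outside this diff, so it is not visible whether the patch is actually applied at build time. If the spec applies patches with explicit `%patchN` lines rather than `%autosetup` or `%autopatch`, a matching `%patch0 -p1` is needed; without it the package would ship as Release 7 with neither descriptor-leak fix compiled in. A quick check of the build log for the patch being applied would settle this.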