1. When pam_stack_dispatch() aborts and returns an
error, it does not free any memory allocated.
Specifically, it does not free pamh and the
environment.
2. _pam_stack_copy() overwrites existing values
without free()ing them first.
3. _pam_start_handlers(sub_pamh) and
_pam_init_handlers(sub_pamh) are called but there is
no call to _pam_free_handlers(sub_pamh). Thus the
handlers are never freed. Over time, this can add up
to quite a bit of RAM.
These issues are problems only on programs that
perform frequent and repeated authentications (such
as databases, etc.) where the memory can add up to 3-
5K per authentication.
Logged In: YES
user_id=1142
pam_stack is an enhancement from RedHat.
Please report this bug to them, Linux-PAM does not
come with a pam_stack module.