From a7cf0ae3b266f9c5ead7d8acc4e5210adbc088cf Mon Sep 17 00:00:00 2001
From: Benjamin Berg
Date: Wed, 27 May 2020 13:38:37 +0200
Subject: [PATCH] pam: Fix double free after verification error

The data->result was free'ed both in the loop (before breaking) and afterwards. As the first case did not set the pointer to NULL, this could result in a double free. Fix this by simply removing the free that is in the loop and relying on the cleanup later on.
---
 pam/pam_fprintd.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pam/pam_fprintd.c b/pam/pam_fprintd.c
index 7423a09..1c046a7 100644
--- a/pam/pam_fprintd.c
+++ b/pam/pam_fprintd.c
@@ -423,12 +423,10 @@ do_verify (pam_handle_t *pamh,
 ret = PAM_AUTHINFO_UNAVAIL;
 } else if (str_equal (data->result, "verify-disconnected")) {
 ret = PAM_AUTHINFO_UNAVAIL;
- free (data->result);
 break;
 } else {
 send_info_msg (data->pamh, _("An unknown error occurred"));
 ret = PAM_AUTH_ERR;
- free (data->result);
 break;
 }
 free (data->result);