From 268a08e15c475bf8d6f599febd834cd1c863ffd5 Mon Sep 17 00:00:00 2001
From: Martin Lambers <martin.lambers@ruhr-uni-bochum.de>
Date: Thu, 17 Oct 2024 14:33:02 +0200
Subject: [PATCH] Fix memory leak when reading group input.

Since this occurs in a potentially endless loop, a malicious user could cause resource exhaustion.
---
 src/pam_weblogin.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/pam_weblogin.c b/src/pam_weblogin.c
index 44cc6dd..64fccec 100644
--- a/src/pam_weblogin.c
+++ b/src/pam_weblogin.c
@@ -234,6 +234,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, UNUSED int flags, int arg
 						}
 						char *group_input = tty_input(pamh, PROMPT_GROUP, PAM_PROMPT_ECHO_ON);
 						group = strtol(group_input, &end, 10);
+						free(group_input);
 						range_error = errno == ERANGE;
 						if (group < 1 || group > max_groups || range_error)
 						{