Blame SOURCES/cronie-1.4.11-pamenv.patch

ad6487
diff -up cronie-1.4.11/src/security.c.ppp cronie-1.4.11/src/security.c
ad6487
--- cronie-1.4.11/src/security.c.ppp	2013-07-18 14:27:08.000000000 +0200
ad6487
+++ cronie-1.4.11/src/security.c	2013-08-30 14:00:15.263788467 +0200
ad6487
@@ -129,15 +129,13 @@ int cron_set_job_security_context(entry
ad6487
 	}
ad6487
 #endif
ad6487
 
ad6487
-	*jobenv = build_env(e->envp);
ad6487
-
ad6487
 #ifdef WITH_SELINUX
ad6487
 	/* we must get the crontab context BEFORE changing user, else
ad6487
 	 * we'll not be permitted to read the cron spool directory :-)
ad6487
 	 */
ad6487
 	security_context_t ucontext = 0;
ad6487
 
ad6487
-	if (cron_get_job_range(u, &ucontext, *jobenv) < OK) {
ad6487
+	if (cron_get_job_range(u, &ucontext, e->envp) < OK) {
ad6487
 		log_it(e->pwd->pw_name, getpid(), "ERROR",
ad6487
 			"failed to get SELinux context", 0);
ad6487
 		return -1;
ad6487
@@ -165,6 +163,8 @@ int cron_set_job_security_context(entry
ad6487
 		return -1;
ad6487
 	}
ad6487
 
ad6487
+	*jobenv = build_env(e->envp);
ad6487
+
ad6487
 	time_t job_run_time = time(0L);
ad6487
 
ad6487
 	if ((minutely_time > 0) && ((job_run_time / 60) != (minutely_time / 60))) {
ad6487
@@ -615,11 +615,18 @@ int crontab_security_access(void) {
ad6487
 */
ad6487
 static char **build_env(char **cronenv) {
ad6487
 #ifdef WITH_PAM
ad6487
-	char **jobenv;
ad6487
-	char **pamenv = pam_getenvlist(pamh);
ad6487
+	char **jobenv = pam_getenvlist(pamh);
ad6487
 	char *cronvar;
ad6487
 	int count = 0;
ad6487
-	jobenv = env_copy(pamenv);
ad6487
+
ad6487
+	if (jobenv == NULL) {
ad6487
+		jobenv = env_init();
ad6487
+		if (jobenv == NULL) {
ad6487
+			log_it("CRON", getpid(),
ad6487
+				"ERROR", "Initialization of cron environment variables failed", 0);
ad6487
+			return NULL;
ad6487
+		}
ad6487
+	}
ad6487
 
ad6487
 	/* Now add the cron environment variables. Since env_set()
ad6487
 	 * overwrites existing variables, this will let cron's