Relevant BUGIDs: mailing list

Purpose of commit: bugfix

Commit summary:
---------------

Don't ignore return values of pam_get_item

diff --git a/CHANGELOG b/CHANGELOG
index f76af2eb67f76c2081b18ebca1a6fbefbcbb9202..cb407caa25deef912e2c56f43e658b1c1d98b91a 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -70,6 +70,7 @@ BerliOS Bugs are marked with (BerliOS #XXXX).
 * configure.in/_pam_aconf.h.in: Remove feature.h inclusion (kukuk)
 * defs: Remove obsolete directory/content (kukuk)
 * Rename _pam_aconf.h.in to config.h (kukuk)
+* pam_unix: Don't ignore pam_get_item return value (kukuk)
 
 0.80: Wed Jul 13 13:23:20 CEST 2005
 * pam_tally: test for NULL data before dereferencing them (t8m)

diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
index 23eba7e6bb791ff9e8eccd60098fdc8030916e41..38e781520245f71bd198b110be7e399bfcaf1204 100644 (file)
--- a/modules/pam_unix/pam_unix_auth.c
+++ b/modules/pam_unix/pam_unix_auth.c
@@ -207,8 +207,8 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags
        D(("recovering return code from auth call"));
        /* We will only find something here if UNIX_LIKE_AUTH is set --
           don't worry about an explicit check of argv. */
-       pam_get_data(pamh, "unix_setcred_return", &pretval);
-       if(pretval) {
+       if (pam_get_data(pamh, "unix_setcred_return", &pretval) == PAM_SUCCESS
+           && pretval) {
                retval = *(const int *)pretval;
                pam_set_data(pamh, "unix_setcred_return", NULL, NULL);
                D(("recovered data indicates that old retval was %d", retval));

diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index f399189d9c304a96e0019595806869ba3b9147fd..bb75298ce30294f3470f38ce59a83fc1d8691074 100644 (file)
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -816,8 +816,11 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
                                new->name = x_strdup(login_name);
 
                                /* any previous failures for this user ? */
-                               pam_get_data(pamh, data_name, &void_old);
-                               old = void_old;
+                               if (pam_get_data(pamh, data_name, &void_old)
+                                   == PAM_SUCCESS)
+                                       old = void_old;
+                               else
+                                       old = NULL;
 
                                if (old != NULL) {
                                        new->count = old->count + 1;