From: Daniel Abrecht <daniel.abrecht@hotmail.com>
Date: Thu, 19 Jan 2017 10:35:04 +0000 (+0100)
Subject: pam_exec: fix a potential null pointer dereference
X-Git-Tag: v1.3.1~18
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c8dc2b4c2045bb44a038356751e0f0428afe1171;p=linux-pam

pam_exec: fix a potential null pointer dereference

Fix a null pointer dereference when pam_prompt returns PAM_SUCCESS
but the response is set to NULL.

* modules/pam_exec/pam_exec.c (call_exec): Do not invoke strndupa
with a null pointer.

Closes: https://github.com/linux-pam/linux-pam/pull/2
---

diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index f7de1aa5..52dc6818 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -177,9 +177,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 		  return retval;
 		}
 
-	      pam_set_item (pamh, PAM_AUTHTOK, resp);
-	      authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
-	      _pam_drop (resp);
+	      if (resp)
+		{
+		  pam_set_item (pamh, PAM_AUTHTOK, resp);
+		  authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
+		  _pam_drop (resp);
+		}
 	    }
 	  else
 	    authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);