------------------------------------------------------------ revno: 11707 revision-id: squid3@treenet.co.nz-20121126083325-o36gialy2jgv7ck6 parent: squid3@treenet.co.nz-20121126083253-ei0h1pdlou0nfixw committer: Amos Jeffries branch nick: 3.2 timestamp: Mon 2012-11-26 01:33:25 -0700 message: basic_pam_auth: Fix NULL-dereference issues PAM session handles being used after setup failure left them NULL. Also removes several useless checks of retval after it being explicitly set to the value tested againt. Detected by Coverity Scan. Issue 740354 ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20121126083325-o36gialy2jgv7ck6 # target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_2 # testament_sha1: e0bd5f86ee1c6b54dc6771bfa5c79840e1d2be06 # timestamp: 2012-11-26 08:36:56 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_2 # base_revision_id: squid3@treenet.co.nz-20121126083253-\ # ei0h1pdlou0nfixw # # Begin patch === modified file 'helpers/basic_auth/PAM/basic_pam_auth.cc' --- helpers/basic_auth/PAM/basic_pam_auth.cc 2012-07-28 05:38:50 +0000 +++ helpers/basic_auth/PAM/basic_pam_auth.cc 2012-11-26 08:33:25 +0000 @@ -260,8 +260,7 @@ /* Authentication */ retval = PAM_SUCCESS; if (ttl != 0) { - if (retval == PAM_SUCCESS) - retval = pam_set_item(pamh, PAM_USER, user); + retval = pam_set_item(pamh, PAM_USER, user); if (retval == PAM_SUCCESS) retval = pam_set_item(pamh, PAM_CONV, &conv); } @@ -278,12 +277,11 @@ /* cleanup */ retval = PAM_SUCCESS; #if defined(PAM_AUTHTOK) - if (ttl != 0) { - if (retval == PAM_SUCCESS) - retval = pam_set_item(pamh, PAM_AUTHTOK, NULL); + if (ttl != 0 && pamh) { + retval = pam_set_item(pamh, PAM_AUTHTOK, NULL); } #endif - if (ttl == 0 || retval != PAM_SUCCESS) { + if (pamh && (ttl == 0 || retval != PAM_SUCCESS)) { retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { debug("WARNING: failed to release PAM authenticator\n");