------------------------------------------------------------ revno: 12389 revision-id: squid3@treenet.co.nz-20121118113538-34a01mza98iau1c6 parent: squid3@treenet.co.nz-20121118113456-csxd0olsxao6e362 committer: Amos Jeffries branch nick: 3.3 timestamp: Sun 2012-11-18 04:35:38 -0700 message: basic_pam_auth: Fix NULL-dereference issues PAM session handles being used after setup failure left them NULL. Also removes several useless checks of retval after it being explicitly set to the value tested againt. Detected by Coverity Scan. Issue 740354 ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20121118113538-34a01mza98iau1c6 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # testament_sha1: e60fe75ab53d23c69df3f32a306e5c328a6ce063 # timestamp: 2012-11-18 11:39:21 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # base_revision_id: squid3@treenet.co.nz-20121118113456-\ # csxd0olsxao6e362 # # Begin patch === modified file 'helpers/basic_auth/PAM/basic_pam_auth.cc' --- helpers/basic_auth/PAM/basic_pam_auth.cc 2012-09-01 14:38:36 +0000 +++ helpers/basic_auth/PAM/basic_pam_auth.cc 2012-11-18 11:35:38 +0000 @@ -258,8 +258,7 @@ /* Authentication */ retval = PAM_SUCCESS; if (ttl != 0) { - if (retval == PAM_SUCCESS) - retval = pam_set_item(pamh, PAM_USER, user); + retval = pam_set_item(pamh, PAM_USER, user); if (retval == PAM_SUCCESS) retval = pam_set_item(pamh, PAM_CONV, &conv); } @@ -276,12 +275,11 @@ /* cleanup */ retval = PAM_SUCCESS; #if defined(PAM_AUTHTOK) - if (ttl != 0) { - if (retval == PAM_SUCCESS) - retval = pam_set_item(pamh, PAM_AUTHTOK, NULL); + if (ttl != 0 && pamh) { + retval = pam_set_item(pamh, PAM_AUTHTOK, NULL); } #endif - if (ttl == 0 || retval != PAM_SUCCESS) { + if (pamh && (ttl == 0 || retval != PAM_SUCCESS)) { retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { debug("WARNING: failed to release PAM authenticator\n");