]> git.ipfire.org Git - thirdparty/util-linux.git/commitdiff
projects / thirdparty / util-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 42aa4cd)
login-utils/su-common: Validate all return values again
authorThomas Weißschuh <thomas@t-8ch.de>
Wed, 25 Sep 2024 06:12:45 +0000 (08:12 +0200)
committerThomas Weißschuh <thomas@t-8ch.de>
Wed, 25 Sep 2024 06:16:52 +0000 (08:16 +0200)
The additional coded added in commit
d6564701e812 ("login-utils/su-common: Check that the user didn't change during PAM transaction")
was inserted in between the assignment and tests of "rc",
making the return value unchecked.
Add a new explicit check.

Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
login-utils/su-common.c patch | blob | blame | history

diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 844d1d43170dbf7a407eb83c009b294fd268b4d0..feb4645fa1b6837fd4a3d9561a90d895bb4dd15f 100644 (file)
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -423,6 +423,8 @@ static void supam_authenticate(struct su_context *su)
        rc = pam_acct_mgmt(su->pamh, 0);
        if (rc == PAM_NEW_AUTHTOK_REQD)
                rc = pam_chauthtok(su->pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+       if (is_pam_failure(rc))
+               goto done;
 
        rc = pam_get_item(su->pamh, PAM_USER, (const void **) &pam_user);
        if (is_pam_failure(rc))
Unnamed repository; edit this file 'description' to name the repository.