From: Thomas Weißschuh <thomas@t-8ch.de>
Date: Wed, 25 Sep 2024 06:12:45 +0000 (+0200)
Subject: login-utils/su-common: Validate all return values again
X-Git-Tag: v2.42-start~191
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d159b58bfd01bc261107c5a7a9e00d1715f33f14;p=thirdparty%2Futil-linux.git

login-utils/su-common: Validate all return values again

The additional coded added in commit
d6564701e812 ("login-utils/su-common: Check that the user didn't change during PAM transaction")
was inserted in between the assignment and tests of "rc",
making the return value unchecked.
Add a new explicit check.

Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
---

diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 844d1d431..feb4645fa 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -423,6 +423,8 @@ static void supam_authenticate(struct su_context *su)
 	rc = pam_acct_mgmt(su->pamh, 0);
 	if (rc == PAM_NEW_AUTHTOK_REQD)
 		rc = pam_chauthtok(su->pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+	if (is_pam_failure(rc))
+		goto done;
 
 	rc = pam_get_item(su->pamh, PAM_USER, (const void **) &pam_user);
 	if (is_pam_failure(rc))