Accept empty password and/or response in auth-pam plugin

In the auth-pam plugin correctly parse the static challenge string
even when password or challenge response is empty.

Whether an empty user input is an error is determined by the PAM
conversation function depending on whether the PAM module queries
for it or not.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1533696271-21799-2-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17382.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 7a8109023f4c345fe12f23421c5fa7e88e1ea85b)

diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
index 1324307f1aaf4412de7ff12fa6fef2c4815bb464..88b53204b3ca75343f9b7b52de2ab9d6a3a1eb8a 100644 (file)
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -310,11 +310,11 @@ split_scrv1_password(struct user_pass *up)
     *resp++ = '\0';
 
     int n = plugin_base64_decode(pass, up->password, sizeof(up->password)-1);
-    if (n > 0)
+    if (n >= 0)
     {
         up->password[n] = '\0';
         n = plugin_base64_decode(resp, up->response, sizeof(up->response)-1);
-        if (n > 0)
+        if (n >= 0)
         {
             up->response[n] = '\0';
             if (DEBUG(up->verb))