basic_pam_auth: Fix NULL-dereference issues

PAM session handles being used after setup failure left them NULL.

Also removes several useless checks of retval after it being explicitly
set to the value tested againt.

  Detected by Coverity Scan. Issue 740354

diff --git a/helpers/basic_auth/PAM/basic_pam_auth.cc b/helpers/basic_auth/PAM/basic_pam_auth.cc
index f2af46e89b72b3fedde896c2c97a2613c732160a..f48cacac60c0affc8b26e335ecbf94b3aff86fab 100644 (file)
--- a/helpers/basic_auth/PAM/basic_pam_auth.cc
+++ b/helpers/basic_auth/PAM/basic_pam_auth.cc
@@ -258,8 +258,7 @@ start:
         /* Authentication */
         retval = PAM_SUCCESS;
         if (ttl != 0) {
-            if (retval == PAM_SUCCESS)
-                retval = pam_set_item(pamh, PAM_USER, user);
+            retval = pam_set_item(pamh, PAM_USER, user);
             if (retval == PAM_SUCCESS)
                 retval = pam_set_item(pamh, PAM_CONV, &conv);
         }
@@ -276,12 +275,11 @@ error:
         /* cleanup */
         retval = PAM_SUCCESS;
 #if defined(PAM_AUTHTOK)
-        if (ttl != 0) {
-            if (retval == PAM_SUCCESS)
-                retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
+        if (ttl != 0 && pamh) {
+            retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
         }
 #endif
-        if (ttl == 0 || retval != PAM_SUCCESS) {
+        if (pamh && (ttl == 0 || retval != PAM_SUCCESS)) {
             retval = pam_end(pamh, retval);
             if (retval != PAM_SUCCESS) {
                 debug("WARNING: failed to release PAM authenticator\n");