From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 13 Nov 2012 23:41:16 +0000 (-0700)
Subject: basic_pam_auth: Fix NULL-dereference issues
X-Git-Tag: SQUID_3_4_0_1~518
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d02b17ee41ff50a77e91c45ba2aada33d48354e4;p=thirdparty%2Fsquid.git

basic_pam_auth: Fix NULL-dereference issues

PAM session handles being used after setup failure left them NULL.

Also removes several useless checks of retval after it being explicitly
set to the value tested againt.

  Detected by Coverity Scan. Issue 740354
---

diff --git a/helpers/basic_auth/PAM/basic_pam_auth.cc b/helpers/basic_auth/PAM/basic_pam_auth.cc
index f2af46e89b..f48cacac60 100644
--- a/helpers/basic_auth/PAM/basic_pam_auth.cc
+++ b/helpers/basic_auth/PAM/basic_pam_auth.cc
@@ -258,8 +258,7 @@ start:
         /* Authentication */
         retval = PAM_SUCCESS;
         if (ttl != 0) {
-            if (retval == PAM_SUCCESS)
-                retval = pam_set_item(pamh, PAM_USER, user);
+            retval = pam_set_item(pamh, PAM_USER, user);
             if (retval == PAM_SUCCESS)
                 retval = pam_set_item(pamh, PAM_CONV, &conv);
         }
@@ -276,12 +275,11 @@ error:
         /* cleanup */
         retval = PAM_SUCCESS;
 #if defined(PAM_AUTHTOK)
-        if (ttl != 0) {
-            if (retval == PAM_SUCCESS)
-                retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
+        if (ttl != 0 && pamh) {
+            retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
         }
 #endif
-        if (ttl == 0 || retval != PAM_SUCCESS) {
+        if (pamh && (ttl == 0 || retval != PAM_SUCCESS)) {
             retval = pam_end(pamh, retval);
             if (retval != PAM_SUCCESS) {
                 debug("WARNING: failed to release PAM authenticator\n");