From d02b17ee41ff50a77e91c45ba2aada33d48354e4 Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 13 Nov 2012 16:41:16 -0700
Subject: [PATCH] basic_pam_auth: Fix NULL-dereference issues

PAM session handles being used after setup failure left them NULL.

Also removes several useless checks of retval after it being explicitly
set to the value tested againt.

  Detected by Coverity Scan. Issue 740354
---
 helpers/basic_auth/PAM/basic_pam_auth.cc | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/helpers/basic_auth/PAM/basic_pam_auth.cc b/helpers/basic_auth/PAM/basic_pam_auth.cc
index f2af46e89b..f48cacac60 100644
--- a/helpers/basic_auth/PAM/basic_pam_auth.cc
+++ b/helpers/basic_auth/PAM/basic_pam_auth.cc
@@ -258,8 +258,7 @@ start:
         /* Authentication */
         retval = PAM_SUCCESS;
         if (ttl != 0) {
-            if (retval == PAM_SUCCESS)
-                retval = pam_set_item(pamh, PAM_USER, user);
+            retval = pam_set_item(pamh, PAM_USER, user);
             if (retval == PAM_SUCCESS)
                 retval = pam_set_item(pamh, PAM_CONV, &conv);
         }
@@ -276,12 +275,11 @@ error:
         /* cleanup */
         retval = PAM_SUCCESS;
 #if defined(PAM_AUTHTOK)
-        if (ttl != 0) {
-            if (retval == PAM_SUCCESS)
-                retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
+        if (ttl != 0 && pamh) {
+            retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
         }
 #endif
-        if (ttl == 0 || retval != PAM_SUCCESS) {
+        if (pamh && (ttl == 0 || retval != PAM_SUCCESS)) {
             retval = pam_end(pamh, retval);
             if (retval != PAM_SUCCESS) {
                 debug("WARNING: failed to release PAM authenticator\n");
-- 
2.47.3