s3:auth: Avoid passing freed pamh pointer to funcitons using it

"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/source3/auth/pampass.c:466: freed_arg: ""pam_end"" frees ""pamh"".
samba-4.20.0rc2/source3/auth/pampass.c:467: pass_freed_arg: Passing freed pointer ""pamh"" as an argument to ""smb_pam_error_handler"".
  465|   	if( pamh != NULL ) {
  466|   		pam_error = pam_end(pamh, 0);
  467|-> 		if(smb_pam_error_handler(pamh, pam_error, ""End Cleanup Failed"", 2) == True) {
  468|   			DEBUG(4, (""smb_pam_end: PAM: PAM_END OK.\n""));
  469|   			return True;"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 27a5e7434c70f6376d845c1695eb5fc98671560a..3e764f32f7d3d3bad2397723e04e8bf76e32e845 100644 (file)
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -464,12 +464,16 @@ static bool smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
 
        if( pamh != NULL ) {
                pam_error = pam_end(pamh, 0);
-               if(smb_pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
-                       DEBUG(4, ("smb_pam_end: PAM: PAM_END OK.\n"));
+               if (pam_error == PAM_SUCCESS) {
+                       DBG_NOTICE("PAM: PAM_END OK.\n");
                        return True;
                }
+
+               DBG_WARNING("PAM: PAM_END FAILED (%d).\n", pam_error);
+       } else {
+               DBG_INFO("PAM: not initialised\n");
        }
-       DEBUG(2,("smb_pam_end: PAM: not initialised\n"));
+
        return False;
 }