From 7bd16685cece711d09095f42c07e435a860e8c71 Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 26 Nov 2012 01:33:25 -0700
Subject: [PATCH] basic_pam_auth: Fix NULL-dereference issues

PAM session handles being used after setup failure left them NULL.

Also removes several useless checks of retval after it being explicitly
set to the value tested againt.

 Detected by Coverity Scan. Issue 740354
---
 helpers/basic_auth/PAM/basic_pam_auth.cc | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/helpers/basic_auth/PAM/basic_pam_auth.cc b/helpers/basic_auth/PAM/basic_pam_auth.cc
index 62d9a160cf..199b3c10fa 100644
--- a/helpers/basic_auth/PAM/basic_pam_auth.cc
+++ b/helpers/basic_auth/PAM/basic_pam_auth.cc
@@ -260,8 +260,7 @@ start:
         /* Authentication */
         retval = PAM_SUCCESS;
         if (ttl != 0) {
-            if (retval == PAM_SUCCESS)
-                retval = pam_set_item(pamh, PAM_USER, user);
+            retval = pam_set_item(pamh, PAM_USER, user);
             if (retval == PAM_SUCCESS)
                 retval = pam_set_item(pamh, PAM_CONV, &conv);
         }
@@ -278,12 +277,11 @@ error:
         /* cleanup */
         retval = PAM_SUCCESS;
 #if defined(PAM_AUTHTOK)
-        if (ttl != 0) {
-            if (retval == PAM_SUCCESS)
-                retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
+        if (ttl != 0 && pamh) {
+            retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
         }
 #endif
-        if (ttl == 0 || retval != PAM_SUCCESS) {
+        if (pamh && (ttl == 0 || retval != PAM_SUCCESS)) {
             retval = pam_end(pamh, retval);
             if (retval != PAM_SUCCESS) {
                 debug("WARNING: failed to release PAM authenticator\n");
-- 
2.47.2