From: Andrew Deason <adeason@sinenomine.net>
Date: Wed, 13 Apr 2011 16:10:52 +0000 (-0500)
Subject: pam: Check for null upwd from getpwnam_r
X-Git-Tag: upstream/1.6.1.pre1^2~42
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=5bef5346c23583ece8308163d85522d15f714475;p=packages%2Fo%2Fopenafs.git

pam: Check for null upwd from getpwnam_r

The POSIX getpwnam_r can yield a NULL struct passwd pointer even when
the returned error code is 0 (in particular, when the requested entry
is not found). Just add a check for a null upwd to make sure we don't
dereference a NULL pointer.

Reviewed-on: http://gerrit.openafs.org/4469
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit fbb4c6115b9af9c52ee06fa9c979a3f4195ad342)

Change-Id: I9a8bccba7b6ecbce393ea149270e5c61ebadd05c
Reviewed-on: http://gerrit.openafs.org/6290
Tested-by: Derrick Brashear <shadow@dementix.org>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
---

diff --git a/src/pam/afs_auth.c b/src/pam/afs_auth.c
index 53d05ad21..6e68640ac 100644
--- a/src/pam/afs_auth.c
+++ b/src/pam/afs_auth.c
@@ -183,7 +183,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
     if (i == 0)			/* getpwnam_r success */
 	upwd = &unix_pwd;
 #endif /* else AFS_HPUX110_ENV */
-    if (ignore_uid && i == 0 && upwd->pw_uid <= ignore_uid_id) {
+    if (ignore_uid && i == 0 && upwd && upwd->pw_uid <= ignore_uid_id) {
 	pam_afs_syslog(LOG_INFO, PAMAFS_IGNORINGROOT, user);
 	RET(PAM_AUTH_ERR);
     }
diff --git a/src/pam/afs_password.c b/src/pam/afs_password.c
index ff4a8717b..afd801965 100644
--- a/src/pam/afs_password.c
+++ b/src/pam/afs_password.c
@@ -127,7 +127,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
     if (i == 0)			/* getpwnam_r success */
 	upwd = &unix_pwd;
 #endif /* else AFS_HPUX110_ENV */
-    if (ignore_root && i == 0 && upwd->pw_uid == 0) {
+    if (ignore_root && i == 0 && upwd && upwd->pw_uid == 0) {
 	pam_afs_syslog(LOG_INFO, PAMAFS_IGNORINGROOT, user);
 	RET(PAM_AUTH_ERR);
     }
diff --git a/src/pam/afs_setcred.c b/src/pam/afs_setcred.c
index 850ba672c..573445d19 100644
--- a/src/pam/afs_setcred.c
+++ b/src/pam/afs_setcred.c
@@ -163,7 +163,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
     if (i == 0)			/* getpwnam_r success */
 	upwd = &unix_pwd;
 #endif /* AFS_HPUX110_ENV */
-    if (ignore_uid && i == 0 && upwd->pw_uid <= ignore_uid_id) {
+    if (ignore_uid && i == 0 && upwd && upwd->pw_uid <= ignore_uid_id) {
 	pam_afs_syslog(LOG_INFO, PAMAFS_IGNORINGROOT, user);
 	RET(PAM_AUTH_ERR);
     }