summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Urbanec <peterurbanec@users.noreply.github.com>2017-07-12 17:47:47 +1000
committerTomáš Mráz <t8m@users.noreply.github.com>2017-07-12 09:47:47 +0200
commit3466dbea5532dbddfd9b725dd242d68ab7388ed8 (patch)
treef1db331f3a28b35628a776e173e28f3a2551fa7d
parentd431110060abb2e92e0d997df1063ccc30922bb7 (diff)
pam_unix: Check return value of malloc used for setcred data (#24)
Check the return value of malloc and if it failed print debug info, send a syslog message and return an error code. The test in AUTH_RETURN for ret_data not being NULL becomes redundant. Signed-off-by: Peter Urbanec <git.user@urbanec.net>
-rw-r--r--modules/pam_unix/pam_unix_auth.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
index 673861e4..fce6bce1 100644
--- a/modules/pam_unix/pam_unix_auth.c
+++ b/modules/pam_unix/pam_unix_auth.c
@@ -77,14 +77,12 @@
#define _UNIX_AUTHTOK "-UN*X-PASS"
#define AUTH_RETURN \
-do { \
- if (ret_data) { \
- D(("recording return code for next time [%d]", \
- retval)); \
- *ret_data = retval; \
- pam_set_data(pamh, "unix_setcred_return", \
- (void *) ret_data, setcred_free); \
- } \
+do { \
+ D(("recording return code for next time [%d]", \
+ retval)); \
+ *ret_data = retval; \
+ pam_set_data(pamh, "unix_setcred_return", \
+ (void *) ret_data, setcred_free); \
D(("done. [%s]", pam_strerror(pamh, retval))); \
return retval; \
} while (0)
@@ -112,6 +110,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
/* Get a few bytes so we can pass our return value to
pam_sm_setcred() and pam_sm_acct_mgmt(). */
ret_data = malloc(sizeof(int));
+ if (!ret_data) {
+ D(("cannot malloc ret_data"));
+ pam_syslog(pamh, LOG_CRIT,
+ "pam_unix_auth: cannot allocate ret_data");
+ return PAM_BUF_ERR;
+ }
/* get the user'name' */