diff options
| author | Dmitry V. Levin <ldv@altlinux.org> | 2020-05-02 00:09:48 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@altlinux.org> | 2020-05-06 14:00:06 +0000 |
| commit | 8db2cfd68951a31f1f14deeb9f9ed616a69d95c0 (patch) | |
| tree | 715017317660fd46e39f54e9f53e8d0c1e2d8f52 /libpam | |
| parent | a14e4b0417944a6d31cd5f7162e06cf9939aa7a4 (diff) | |
pam_get_user: consistently return PAM_SYSTEM_ERR if user specified a NULL pointer
pam_get_user returns PAM_SYSTEM_ERR in case of pamh == NULL.
In case of user == NULL, however, it used to return PAM_PERM_DENIED,
and in case of NULL conversation function it used to return
PAM_SERVICE_ERR.
According to the documentation, PAM_SYSTEM_ERR shall be returned
if a NULL pointer was submitted.
Fix this inconsistency and return PAM_SYSTEM_ERR in each of these
programming error cases.
* libpam/pam_item.c (pam_get_user): Return PAM_SYSTEM_ERR instead of
PAM_PERM_DENIED if user == NULL. Return PAM_SYSTEM_ERR instead of
PAM_SERVICE_ERR if pamh->pam_conversation == NULL.
Diffstat (limited to 'libpam')
| -rw-r--r-- | libpam/pam_item.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libpam/pam_item.c b/libpam/pam_item.c index 8148fd57..36298ce0 100644 --- a/libpam/pam_item.c +++ b/libpam/pam_item.c @@ -285,13 +285,13 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) if (user == NULL) { /* ensure that the module has supplied a destination */ pam_syslog(pamh, LOG_ERR, "pam_get_user: nowhere to record username"); - return PAM_PERM_DENIED; + return PAM_SYSTEM_ERR; } else *user = NULL; if (pamh->pam_conversation == NULL) { pam_syslog(pamh, LOG_ERR, "pam_get_user: no conv element in pamh"); - return PAM_SERVICE_ERR; + return PAM_SYSTEM_ERR; } if (pamh->user) { /* have one so return it */ |