authorNalin Dahyabhai <nalin@dahyabhai.net>2013-08-27 11:25:57 -0400
committerNalin Dahyabhai <nalin@dahyabhai.net>2013-08-27 11:25:57 -0400
commit74a826d967fe8c5de1dca12ad21229ff4f76d5c4 (patch)
tree7fd303740811cb0a0d935ab35e7f0bdb3e4a60ae /src
parent242ba67238ca240db1688d5adaf8ca10a54faafb (diff)
Don't use pamh before or after it's valid
Don't use the PAM handle before it's initialized or after it's freed (static analysis).
Diffstat (limited to 'src')
-rw-r--r--src/back-sch-pam.c32
1 files changed, 23 insertions, 9 deletions
diff --git a/src/back-sch-pam.c b/src/back-sch-pam.c
index ae1ae41..a59e6e3 100644
--- a/src/back-sch-pam.c
+++ b/src/back-sch-pam.c
@@ -156,19 +156,31 @@ map_pam_error(Slapi_PBlock *pb, const char *fn,
"(bind DN \"%s\")",
fn, user, binddn);
} else {
- *errmsg = PR_smprintf("PAM %s error for user \"%s\" "
- "(bind DN \"%s\"): %s",
- fn, user, binddn, pam_strerror(pamh, rc));
+ if (pamh != NULL) {
+ *errmsg = PR_smprintf("PAM %s error for user \"%s\" "
+ "(bind DN \"%s\"): %s",
+ fn, user, binddn, pam_strerror(pamh, rc));
+ } else {
+ *errmsg = PR_smprintf("PAM %s error for user \"%s\" "
+ "(bind DN \"%s\")",
+ fn, user, binddn);
+ }
}
} else {
if (rc == PAM_SUCCESS) {
*errmsg = PR_smprintf("PAM %s succeeds for user \"%s\" "
"(bind DN \"%s\")",
- fn, user, binddn, pam_strerror(pamh, rc));
+ fn, user, binddn);
} else {
- *errmsg = PR_smprintf("PAM %s error for invalid user "
- "(bind DN \"%s\"): %s",
- fn, binddn, pam_strerror(pamh, rc));
+ if (pamh != NULL) {
+ *errmsg = PR_smprintf("PAM %s error for invalid user "
+ "(bind DN \"%s\"): %s",
+ fn, binddn, pam_strerror(pamh, rc));
+ } else {
+ *errmsg = PR_smprintf("PAM %s error for invalid user "
+ "(bind DN \"%s\")",
+ fn, binddn);
+ }
}
}
switch (rc) {
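Review bot: The two new `pamh == NULL` fallback branches drop the failure reason entirely, so the administrator-facing message says only "PAM %s error" with nothing to tell one failure from another. The numeric return code is still available without touching the handle and could be kept, for example `"(bind DN \"%s\"): error %d", fn, user, binddn, rc` in the known-user branch and the equivalent in the invalid-user branch. Separately, `user` and `binddn` are formatted into the message unescaped; if they originate from the bind request (not visible in this hunk), embedded quotes or newlines could make the resulting log line ambiguous, so it is worth confirming how the caller treats them. map_pam_error begins before and continues after this hunk.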
@@ -219,7 +231,7 @@ backend_sch_do_pam_auth(Slapi_PBlock *pb, const char *username)
Slapi_DN *bindsdn = NULL;
int rc = PAM_SUCCESS;
int retcode = LDAP_SUCCESS;
- pam_handle_t *pamh;
+ pam_handle_t *pamh = NULL;
struct conv_data conv_data;
struct pam_conv conv;
int pw_response_requested = 0;
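Review bot: Initialising `pamh` to NULL only protects the paths that reach `done:` before pam_start() is called; the later `pamh != NULL` checks also assume that a failed pam_start() leaves the handle NULL, which depends on the PAM implementation. The pam_start() call is outside this hunk, so this cannot be confirmed here, but resetting the handle explicitly on failure there, `if (rc != PAM_SUCCESS) pamh = NULL;`, would make the guards hold regardless of the library. A short comment on the declaration such as `/* NULL until pam_start() succeeds; checked before pam_strerror()/pam_end() */` would document the invariant the rest of the function now relies on.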
@@ -264,7 +276,6 @@ backend_sch_do_pam_auth(Slapi_PBlock *pb, const char *username)
pamh, &errmsg, &retcode);
}
}
- pam_end(pamh, rc);
}
done:
@@ -286,6 +297,9 @@ done:
pw_response_requested != 0,
pamh, &errmsg, &retcode);
}
+ if (pamh != NULL) {
+ pam_end(pamh, rc);
+ }
/* Log the diagnostic information for the administrator. */
slapi_log_error(SLAPI_LOG_PLUGIN, state->plugin_desc->spd_id,