From e7c9154dc3346f4a9dd61857ac0d9124fcef6a85 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 28 Jul 2009 09:43:57 -0400
Subject: Address CVE-2009-2410

Fix incorrect error code return in local_handler_callback
---
 server/responder/pam/pam_LOCAL_domain.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'server')

diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index 5c1fea993..5d76891f7 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -379,7 +379,7 @@ static void local_handler_callback(void *pvt, int ldb_status,
 
             password = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
             NULL_CHECK_OR_JUMP(password, ("No password stored.\n"),
-                               lreq->error, ret, done);
+                               lreq->error, LDB_ERR_NO_SUCH_ATTRIBUTE, done);
             DEBUG(4, ("user: [%s], password hash: [%s]\n", username, password));
 
             ret = s3crypt_sha512(lreq, authtok, password, &new_hash);
-- 
cgit