pam_sss: check conversation callback

With this patch pam_sss checks if a conversation callback is available
before using it.

Resolves https://fedorahosted.org/sssd/ticket/3296

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

1 files changed, 8 insertions, 0 deletions

diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index b4175ae2c..03613b8cd 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -205,6 +205,10 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
 
     ret=pam_get_item(pamh, PAM_CONV, (const void **) &conv);
     if (ret != PAM_SUCCESS) return ret;
+    if (conv == NULL || conv->conv == NULL) {
+        logger(pamh, LOG_ERR, "No conversation function");
+        return PAM_SYSTEM_ERR;
+    }
 
     do {
         pam_msg = malloc(sizeof(struct pam_message));
@@ -1304,6 +1308,10 @@ static int prompt_2fa(pam_handle_t *pamh, struct pam_items *pi,
     if (ret != PAM_SUCCESS) {
         return ret;
     }
+    if (conv == NULL || conv->conv == NULL) {
+        logger(pamh, LOG_ERR, "No conversation function");
+        return PAM_SYSTEM_ERR;
+    }
 
     m[0].msg_style = PAM_PROMPT_ECHO_OFF;
     m[0].msg = prompt_fa1;