From 24d319721a43101d996034442137bae37b007fd3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 15 Feb 2011 14:16:13 +0100
Subject: Fix unchecked return values of pam_add_response

https://fedorahosted.org/sssd/ticket/798
---
 src/providers/dp_auth_util.c   |  5 ++++-
 src/providers/ldap/ldap_auth.c |  9 +++++++--
 src/responder/pam/pamsrv_cmd.c | 16 ++++++++++++----
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/providers/dp_auth_util.c b/src/providers/dp_auth_util.c
index f8730cf9..7c3541b0 100644
--- a/src/providers/dp_auth_util.c
+++ b/src/providers/dp_auth_util.c
@@ -255,7 +255,10 @@ bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *db
         dbus_message_iter_recurse(&struct_iter, &sub_iter);
         dbus_message_iter_get_fixed_array(&sub_iter, &data, &len);
 
-        pam_add_response(pd, type, len, data);
+        if (pam_add_response(pd, type, len, data) != EOK) {
+            DEBUG(1, ("pam_add_response failed.\n"));
+            return false;
+        }
         dbus_message_iter_next(&array_iter);
     }
 
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 6970d7f6..5857e537 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -206,6 +206,7 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
     if (ppolicy->grace > 0 || ppolicy->expire > 0) {
         uint32_t *data;
         uint32_t *ptr;
+        int ret;
 
         data = talloc_size(pd, 2* sizeof(uint32_t));
         if (data == NULL) {
@@ -224,8 +225,12 @@ static errno_t check_pwexpire_ldap(struct pam_data *pd,
             *ptr = ppolicy->expire;
         }
 
-        pam_add_response(pd, SSS_PAM_USER_INFO, 2* sizeof(uint32_t),
-                         (uint8_t*)data);
+        ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2* sizeof(uint32_t),
+                               (uint8_t*)data);
+        if (ret != EOK) {
+            DEBUG(1, ("pam_add_response failed.\n"));
+            return ret;
+        }
     }
 
     *result = SDAP_AUTH_SUCCESS;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 8035a687..3c9d7600 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -500,8 +500,12 @@ static void pam_reply(struct pam_auth_req *preq)
             DEBUG(5, ("Password change not possible while offline.\n"));
             pd->pam_status = PAM_AUTHTOK_ERR;
             user_info_type = SSS_PAM_USER_INFO_OFFLINE_CHPASS;
-            pam_add_response(pd, SSS_PAM_USER_INFO, sizeof(uint32_t),
-                             (const uint8_t *) &user_info_type);
+            ret = pam_add_response(pd, SSS_PAM_USER_INFO, sizeof(uint32_t),
+                                   (const uint8_t *) &user_info_type);
+            if (ret != EOK) {
+                DEBUG(1, ("pam_add_response failed.\n"));
+                goto done;
+            }
             break;
 /* TODO: we need the pam session cookie here to make sure that cached
  * authentication was successful */
@@ -565,8 +569,12 @@ static void pam_reply(struct pam_auth_req *preq)
     }
 
     if (pd->domain != NULL) {
-        pam_add_response(pd, SSS_PAM_DOMAIN_NAME, strlen(pd->domain)+1,
-                         (uint8_t *) pd->domain);
+        ret = pam_add_response(pd, SSS_PAM_DOMAIN_NAME, strlen(pd->domain)+1,
+                               (uint8_t *) pd->domain);
+        if (ret != EOK) {
+            DEBUG(1, ("pam_add_response failed.\n"));
+            goto done;
+        }
     }
 
     resp_c = 0;
-- 
cgit