[Bug 216172] incorrect use of pam_get_item return value in libpam

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Jan 17 10:29:49 UTC 2017 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216172

            Bug ID: 216172
           Summary: incorrect use of  pam_get_item return value in libpam
           Product: Base System
           Version: 11.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: patrick-fbsd at mindstep.com

In pam_get_authtok the code tests if pam_get_item succeeds with a simple
if(pam_get_item(...)) call. However on success pam_get_item returns
'PAM_SUCCESS' which value is 0.

In libpam the effect of this bug is that custom prompts provided by
applications using pam_set_item() are never used. This is more a cosmetic bug
than anything else.


Below are 2 diffs that fixes the issue in libpam:

-chroot- diff -up pam_get_authtok.c.orig pam_get_authtok.c
--- pam_get_authtok.c.orig      2017-01-11 18:15:11.538423000 +0000
+++ pam_get_authtok.c   2017-01-13 11:50:27.688031000 +0000
@@ -123,7 +123,7 @@ pam_get_authtok(pam_handle_t *pamh,
                prompt = promptp;
        /* no prompt provided, see if there is one tucked away somewhere */
        if (prompt == NULL)
-               if (pam_get_item(pamh, pitem, &promptp) && promptp != NULL)
+               if (pam_get_item(pamh, pitem, &promptp) == PAM_SUCCESS &&
promptp != NULL)
                        prompt = promptp;
        /* fall back to hardcoded default */
        if (prompt == NULL)





-chroot- diff -up pam_get_user.c.orig pam_get_user.c
--- pam_get_user.c.orig 2017-01-13 11:55:19.971565000 +0000
+++ pam_get_user.c      2017-01-13 11:55:33.291977000 +0000
@@ -79,7 +79,7 @@ pam_get_user(pam_handle_t *pamh,
                prompt = promptp;
        /* no prompt provided, see if there is one tucked away somewhere */
        if (prompt == NULL)
-               if (pam_get_item(pamh, PAM_USER_PROMPT, &promptp) &&
+               if (pam_get_item(pamh, PAM_USER_PROMPT, &promptp) ==
PAM_SUCCESS &&
                    promptp != NULL)
                        prompt = promptp;
        /* fall back to hardcoded default */

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list