zrhoffman / rpms / 389-ds-base

Forked from rpms/389-ds-base 3 years ago
Clone

Blame SOURCES/0026-Ticket-50396-Crash-in-PAM-plugin-when-user-does-not-.patch

26521d
From 44b6f98bc687f3ec3ae2c40b8086f1bd4936b827 Mon Sep 17 00:00:00 2001
c04070
From: Mark Reynolds <mreynolds@redhat.com>
c04070
Date: Mon, 20 May 2019 15:06:54 -0400
c04070
Subject: [PATCH] Ticket 50396 - Crash in PAM plugin when user does not exist
c04070
c04070
Description:  pam passthru & addn plugin causes crash in bind when
c04070
              user does not exist.  Need to make sure we don't
c04070
              dereference NULL pointer.
c04070
c04070
https://pagure.io/389-ds-base/issue/50396
c04070
c04070
Reviewed by: mreynolds & tbordaz
c04070
c04070
(cherry picked from commit 0935b8af6c8925c7a79a0a22103142ef5f7c5960)
c04070
---
c04070
 ldap/servers/plugins/pam_passthru/pam_ptpreop.c | 5 +++--
c04070
 1 file changed, 3 insertions(+), 2 deletions(-)
c04070
c04070
diff --git a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
c04070
index de9448b90..b62c3c6b6 100644
c04070
--- a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
c04070
+++ b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
c04070
@@ -436,8 +436,9 @@ pam_passthru_bindpreop(Slapi_PBlock *pb)
c04070
      * We only handle simple bind requests that include non-NULL binddn and
c04070
      * credentials.  Let the Directory Server itself handle everything else.
c04070
      */
c04070
-    if ((method != LDAP_AUTH_SIMPLE) || (*normbinddn == '\0') ||
c04070
-        (creds->bv_len == 0)) {
c04070
+    if (method != LDAP_AUTH_SIMPLE || normbinddn == NULL ||
c04070
+        *normbinddn == '\0' || creds->bv_len == 0)
c04070
+    {
c04070
         slapi_log_err(SLAPI_LOG_PLUGIN, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
c04070
                       "pam_passthru_bindpreop - Not handled (not simple bind or NULL dn/credentials)\n");
c04070
         return retcode;
c04070
-- 
26521d
2.17.2
c04070