Blame SOURCES/0024-Ticket-50396-Crash-in-PAM-plugin-when-user-does-not-.patch

d0a457
From 6984b34fe496d696e37f003dbf57a5ca1b5899ea Mon Sep 17 00:00:00 2001
d0a457
From: Mark Reynolds <mreynolds@redhat.com>
d0a457
Date: Mon, 20 May 2019 15:06:54 -0400
d0a457
Subject: [PATCH] Ticket 50396 - Crash in PAM plugin when user does not exist
d0a457
d0a457
Description:  pam passthru & addn plugin causes crash in bind when
d0a457
              user does not exist.  Need to make sure we don't
d0a457
              dereference NULL pointer.
d0a457
d0a457
https://pagure.io/389-ds-base/issue/50396
d0a457
d0a457
Reviewed by: mreynolds & tbordaz
d0a457
d0a457
(cherry picked from commit 0935b8af6c8925c7a79a0a22103142ef5f7c5960)
d0a457
---
d0a457
 ldap/servers/plugins/pam_passthru/pam_ptpreop.c | 5 +++--
d0a457
 1 file changed, 3 insertions(+), 2 deletions(-)
d0a457
d0a457
diff --git a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
d0a457
index de9448b90..b62c3c6b6 100644
d0a457
--- a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
d0a457
+++ b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
d0a457
@@ -436,8 +436,9 @@ pam_passthru_bindpreop(Slapi_PBlock *pb)
d0a457
      * We only handle simple bind requests that include non-NULL binddn and
d0a457
      * credentials.  Let the Directory Server itself handle everything else.
d0a457
      */
d0a457
-    if ((method != LDAP_AUTH_SIMPLE) || (*normbinddn == '\0') ||
d0a457
-        (creds->bv_len == 0)) {
d0a457
+    if (method != LDAP_AUTH_SIMPLE || normbinddn == NULL ||
d0a457
+        *normbinddn == '\0' || creds->bv_len == 0)
d0a457
+    {
d0a457
         slapi_log_err(SLAPI_LOG_PLUGIN, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
d0a457
                       "pam_passthru_bindpreop - Not handled (not simple bind or NULL dn/credentials)\n");
d0a457
         return retcode;
d0a457
-- 
d0a457
2.21.0
d0a457