055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL

tty argument, since this will cause our helper to segfault instead of
returning a useful value.  Thanks to Troy Davis for the report.
Closes: #495806.

2 files changed, 13 insertions, 4 deletions

diff --git a/debian/changelog b/debian/changelog
index 153e21ff..d6c155a2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+pam (1.0.1-3) UNRELEASED; urgency=high
+
+  * 055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL
+    tty argument, since this will cause our helper to segfault instead of
+    returning a useful value.  Thanks to Troy Davis for the report.
+    Closes: #495806.
+
+ -- Steve Langasek <vorlon@debian.org>  Wed, 20 Aug 2008 11:51:51 -0700
+
 pam (1.0.1-2) unstable; urgency=low
 
   * 007_modules_pam_unix: update the documentation to correctly document
diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure
index 6e4c561b..7ef6a6a2 100644
--- a/debian/patches-applied/055_pam_unix_nullok_secure
+++ b/debian/patches-applied/055_pam_unix_nullok_secure
@@ -56,11 +56,11 @@ Index: pam.deb/modules/pam_unix/support.c
 +	if (on(UNIX_NULLOK_SECURE, ctrl)) {
 +	    const void *uttyname;
 +	    retval = pam_get_item(pamh, PAM_TTY, &uttyname);
-+	    if (retval != PAM_SUCCESS || uttyname == NULL)
++	    if (retval != PAM_SUCCESS || uttyname == NULL
++	        || _pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS)
++	    {
 +	        nullok = 0;
-+
-+	    if (_pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS)
-+		nullok = 0;
++	    }
 +	}
 +
 +	if (nullok) {