From c8dc2b4c2045bb44a038356751e0f0428afe1171 Mon Sep 17 00:00:00 2001
From: Daniel Abrecht
Date: Thu, 19 Jan 2017 11:35:04 +0100
Subject: pam_exec: fix a potential null pointer dereference
Fix a null pointer dereference when pam_prompt returns PAM_SUCCESS but the response is set to NULL.
* modules/pam_exec/pam_exec.c (call_exec): Do not invoke strndupa with a null pointer.
Closes: https://github.com/linux-pam/linux-pam/pull/2
---
 modules/pam_exec/pam_exec.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'modules/pam_exec')
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index f7de1aa5..52dc6818 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -177,9 +177,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 return retval;
 }

- pam_set_item (pamh, PAM_AUTHTOK, resp);
- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
- _pam_drop (resp);
+ if (resp)
+ {
+ pam_set_item (pamh, PAM_AUTHTOK, resp);
+ authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
+ _pam_drop (resp);
+ }
 }
 else
 authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
-- 
cgit v1.2.3
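Review bot: When `pam_prompt` succeeds but `resp` is NULL, the new `if (resp)` block is skipped silently, so this path leaves `authtok` unassigned and `PAM_AUTHTOK` unset with no diagnostic. `call_exec` starts and ends outside the hunk, so please confirm that `authtok` is initialised to NULL at its declaration and that the code which later hands it to the child checks for NULL. Otherwise the dereference has only moved. An explicit `else` would make the intent visible, for example `else pam_syslog (pamh, LOG_DEBUG, "conversation returned no response");`, or a fail-closed return if an empty response should not count as an authentication attempt. Separately, the return value of `pam_set_item (pamh, PAM_AUTHTOK, resp)` is still ignored inside the new block, so a failure to store the token goes unnoticed.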