From b52bd25910c9a8a32a49be7627a709a081a3768c Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Sat, 16 May 2020 08:00:00 +0000
Subject: modules: do not check user name for emptyness before passing it to
 pam_modutil_getpwnam

pam_modutil_getpwnam is perfectly capable of handling empty strings as
user names, no need to double check that.

* modules/pam_access/pam_access.c (pam_sm_authenticate): Do not check
the user name for emptyness before passing it to pam_modutil_getpwnam.
* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Likewise.
* modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Likewise.
* modules/pam_shells/pam_shells.c (perform_check): Likewise.
* modules/pam_tally/pam_tally.c (pam_get_uid): Likewise.
* modules/pam_tally2/pam_tally2.c (pam_get_uid): Likewise.
* modules/pam_umask/pam_umask.c (pam_sm_open_session): Likewise.
---
 modules/pam_shells/pam_shells.c | 12 ------------
 1 file changed, 12 deletions(-)

(limited to 'modules/pam_shells')

diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index 9e15a566..dc8f4878 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -40,18 +40,6 @@ static int perform_check(pam_handle_t *pamh)
 	return PAM_SERVICE_ERR;
     }
 
-    if (userName[0] == '\0') {
-
-	/* Don't let them use a NULL username... */
-	retval = pam_get_user(pamh,&userName,NULL);
-        if (retval != PAM_SUCCESS)
-	    return PAM_SERVICE_ERR;
-
-	/* It could still be NULL the second time. */
-	if (userName[0] == '\0')
-	    return PAM_SERVICE_ERR;
-    }
-
     pw = pam_modutil_getpwnam(pamh, userName);
     if (pw == NULL || pw->pw_shell == NULL) {
 	return PAM_AUTH_ERR;		/* user doesn't exist */
-- 
cgit v1.2.3