From aabd5314a6d76968c377969b49118a2df3f97003 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Sun, 19 May 2024 15:00:00 +0000
Subject: pam_env: fix NULL dereference on error path in econf_read_file

* modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Handle NULL
value returned by econf_getStringValue().

Resolves: https://github.com/linux-pam/linux-pam/issues/796
---
 modules/pam_env/pam_env.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules')

diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 2cc58228..6d39bb24 100644
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -287,7 +287,7 @@ econf_read_file(const pam_handle_t *pamh, const char *filename, const char *deli
       char *val;
 
       error = econf_getStringValue (key_file, NULL, keys[i], &val);
-      if (error != ECONF_SUCCESS) {
+      if (error != ECONF_SUCCESS || val == NULL) {
 	pam_syslog(pamh, LOG_ERR, "Unable to get string from key %s: %s",
 		   keys[i],
 		   econf_errString(error));
-- 
cgit v1.2.3