Patch for Debian bug #439984

pam_env was not correctly skipping over non-alphanumeric variable names,
and was not handling the PAM_BAD_ITEM error return from pam_putenv()
when clearing an unset variable.

Authors: Steve Langasek <vorlon@debian.org>

Upstream status: submitted in <20070830222058.GA9984@dario.dodds.net>

Index: pam/Linux-PAM/modules/pam_env/pam_env.c
===================================================================
--- pam.orig/Linux-PAM/modules/pam_env/pam_env.c
+++ pam/Linux-PAM/modules/pam_env/pam_env.c
@@ -232,9 +232,14 @@
 
 	for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ )
 	    if (!isalnum(key[i]) && key[i] != '_') {
-		D(("key is not alpha numeric - '%s', ignoring", key));
-		continue;
+		pam_syslog(pamh, LOG_ERR,
+		           "non-alphanumeric key '%s' in %s', ignoring",
+		           key, file);
+		break;
 	    }
+	/* non-alphanumeric key, ignore this line */
+	if (key[i] != '=' && key[i] != '\0')
+	    continue;
 
 	/* now we try to be smart about quotes around the value,
 	   but not too smart, we can't get all fancy with escaped
@@ -250,6 +255,10 @@
 
 	/* set the env var, if it fails, we break out of the loop */
 	retval = pam_putenv(pamh, key);
+	if (retval == PAM_BAD_ITEM)
+	    /* expected error from deleting a non-existent env var */
+	    retval = PAM_SUCCESS;
+
 	if (retval != PAM_SUCCESS) {
 	    D(("error setting env \"%s\"", key));
 	    break;