From 653d2f366d9b305e307d7d94d5b809db2649c084 Mon Sep 17 00:00:00 2001 From: Don Lewis Date: Mon, 16 May 2016 08:34:17 +0000 Subject: [PATCH] Hoist the getpwnam() call outside the first if/else block in pam_sm_chauthtok(). Set user = getlogin() inside the true branch so that it is initialized for the following PAM_LOG() call. This is how it is done in pam_sm_authenticate(). Reported by: Coverity CID: 272498 MFC after: 1 week --- lib/libpam/modules/pam_unix/pam_unix.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c index 9a213e2040c..8c6b822aa74 100644 --- a/lib/libpam/modules/pam_unix/pam_unix.c +++ b/lib/libpam/modules/pam_unix/pam_unix.c @@ -278,13 +278,13 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int pfd, tfd, retval; if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) - pwd = getpwnam(getlogin()); + user = getlogin(); else { retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) return (retval); - pwd = getpwnam(user); } + pwd = getpwnam(user); if (pwd == NULL) return (PAM_AUTHTOK_RECOVERY_ERR);