From 4490b45732f3eef1f1ad1afe160f2b7b7a3fa5b3 Mon Sep 17 00:00:00 2001 From: truckman Date: Mon, 16 May 2016 08:34:17 +0000 Subject: Hoist the getpwnam() call outside the first if/else block in pam_sm_chauthtok(). Set user = getlogin() inside the true branch so that it is initialized for the following PAM_LOG() call. This is how it is done in pam_sm_authenticate(). Reported by: Coverity CID: 272498 MFC after: 1 week --- lib/libpam/modules/pam_unix/pam_unix.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/libpam/modules/pam_unix/pam_unix.c') diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c index 9a213e2..8c6b822 100644 --- a/lib/libpam/modules/pam_unix/pam_unix.c +++ b/lib/libpam/modules/pam_unix/pam_unix.c @@ -278,13 +278,13 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int pfd, tfd, retval; if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) - pwd = getpwnam(getlogin()); + user = getlogin(); else { retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) return (retval); - pwd = getpwnam(user); } + pwd = getpwnam(user); if (pwd == NULL) return (PAM_AUTHTOK_RECOVERY_ERR); -- cgit v1.1