cifscreds: better error handling when key_search fails

If we ended up getting a bogus string that would have overflowed, then make key_search set errno to EINVAL before returning. The callers can then test to see if the returned error is what was expected or something else and handle it appropriately. Cc: Sebastian Krahmer <krahmer@suse.de> Signed-off-by: Jeff Layton <jlayton@samba.org>
author: Jeff Layton <jlayton@samba.org> 2014-04-20 20:41:05 -0400
committer: Jeff Layton <jlayton@samba.org> 2014-04-20 20:41:08 -0400
commit: 3da4c43b575498be86c87a2ac3f3142e3cab1c59 (patch)
tree: 172aef6b75c84b6894c213c7fc3ba4ff0e208ddc /pam_cifscreds.c
parent: 0c521d5060035da655107001374e08873ac5dde8 (diff)
download: cifs-utils-3da4c43b575498be86c87a2ac3f3142e3cab1c59.tar.gz
cifs-utils-3da4c43b575498be86c87a2ac3f3142e3cab1c59.tar.bz2
cifs-utils-3da4c43b575498be86c87a2ac3f3142e3cab1c59.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/pam_cifscreds.c b/pam_cifscreds.c
index e0d8a55..fb23117 100644
--- a/pam_cifscreds.c
+++ b/pam_cifscreds.c
@@ -206,6 +206,15 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas
 			return PAM_SERVICE_ERR;
 		}
 
+		switch(errno) {
+		case ENOKEY:
+			break;
+		default:
+			pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)",
+					currentaddress, strerror(errno));
+			return PAM_SERVICE_ERR;
+		}
+
 		currentaddress = nextaddress;
 		if (currentaddress) {
 			*(currentaddress - 1) = ',';
author	Jeff Layton <jlayton@samba.org>	2014-04-20 20:41:05 -0400
committer	Jeff Layton <jlayton@samba.org>	2014-04-20 20:41:08 -0400
commit	3da4c43b575498be86c87a2ac3f3142e3cab1c59 (patch)
tree	172aef6b75c84b6894c213c7fc3ba4ff0e208ddc /pam_cifscreds.c
parent	0c521d5060035da655107001374e08873ac5dde8 (diff)
download	cifs-utils-3da4c43b575498be86c87a2ac3f3142e3cab1c59.tar.gz cifs-utils-3da4c43b575498be86c87a2ac3f3142e3cab1c59.tar.bz2 cifs-utils-3da4c43b575498be86c87a2ac3f3142e3cab1c59.zip