From 53f8e784dc431a82d31c9b0e95b144507f9330e9 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Thu, 19 Dec 2013 11:31:44 +1100
Subject: [PATCH]  - (dtucker) [auth-pam.c] bz#2163: check return value from
 pam_get_item().    Patch from Loganaden Velvindron.

---
 ChangeLog  | 2 ++
 auth-pam.c | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 092344a41..3b64040c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 20131219
  - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
    greater than 11 either rather than just 11.  Patch from Tomas Kuthan.
+ - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
+   Patch from Loganaden Velvindron.
 
 20131218
  - (djm) OpenBSD CVS Sync
diff --git a/auth-pam.c b/auth-pam.c
index d51318b3a..d789bad7b 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -438,8 +438,10 @@ sshpam_thread(void *ctxtp)
 	const char **ptr_pam_user = &pam_user;
 	char *tz = getenv("TZ");
 
-	pam_get_item(sshpam_handle, PAM_USER,
+	sshpam_err = pam_get_item(sshpam_handle, PAM_USER,
 	    (sshpam_const void **)ptr_pam_user);
+	if (sshpam_err != PAM_SUCCESS)
+		goto auth_fail;
 
 	environ[0] = NULL;
 	if (tz != NULL)