From 8b279b4923bbbc01cc616d8d431941463cb1665c Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: May 20 2019 19:11:01 +0000
Subject: Ticket 50396 - Crash in PAM plugin when user does not exist


Description:  pam passthru & addn plugin causes crash in bind when
              user does not exist.  Need to make sure we don't
              dereference NULL pointer.

https://pagure.io/389-ds-base/issue/50396

Reviewed by: mreynolds & tbordaz

(cherry picked from commit 0935b8af6c8925c7a79a0a22103142ef5f7c5960)

---

diff --git a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
index de9448b..b62c3c6 100644
--- a/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
+++ b/ldap/servers/plugins/pam_passthru/pam_ptpreop.c
@@ -436,8 +436,9 @@ pam_passthru_bindpreop(Slapi_PBlock *pb)
      * We only handle simple bind requests that include non-NULL binddn and
      * credentials.  Let the Directory Server itself handle everything else.
      */
-    if ((method != LDAP_AUTH_SIMPLE) || (*normbinddn == '\0') ||
-        (creds->bv_len == 0)) {
+    if (method != LDAP_AUTH_SIMPLE || normbinddn == NULL ||
+        *normbinddn == '\0' || creds->bv_len == 0)
+    {
         slapi_log_err(SLAPI_LOG_PLUGIN, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
                       "pam_passthru_bindpreop - Not handled (not simple bind or NULL dn/credentials)\n");
         return retcode;