Accept empty password and/or response in auth-pam plugin

In the auth-pam plugin correctly parse the static challenge string even when password or challenge response is empty. Whether an empty user input is an error is determined by the PAM conversation function depending on whether the PAM module queries for it or not. Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1533696271-21799-2-git-send-email-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17382.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
OpenVPN · Aug 8, 2018 · 7a81090 · 7a81090
1 parent da0a42c
commit 7a81090
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c
@@ -310,11 +310,11 @@ split_scrv1_password(struct user_pass *up)
     *resp++ = '\0';
 
     int n = plugin_base64_decode(pass, up->password, sizeof(up->password)-1);
-    if (n > 0)
+    if (n >= 0)
     {
         up->password[n] = '\0';
         n = plugin_base64_decode(resp, up->response, sizeof(up->response)-1);
-        if (n > 0)
+        if (n >= 0)
         {
             up->response[n] = '\0';
             if (DEBUG(up->verb))