oath-toolkit/oath-toolkit-2.4.1-strdup-n...

diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
index 8379358..e2d3363 100644
--- a/pam_oath/pam_oath.c
+++ b/pam_oath/pam_oath.c
@@ -146,6 +146,12 @@ pam_sm_authenticate (pam_handle_t * pamh,
   char *query_prompt = NULL;
   char *onlypasswd = strdup ("");	/* empty passwords never match */
 
+  if (!onlypasswd)
+    {
+      retval = PAM_BUF_ERR;
+      goto done;
+    }
+
   parse_cfg (flags, argc, argv, &cfg);
 
   retval = pam_get_user (pamh, &user, NULL);
@@ -265,6 +271,11 @@ pam_sm_authenticate (pam_handle_t * pamh,
     {
       free (onlypasswd);
       onlypasswd = strdup (password);
+      if (!onlypasswd)
+        {
+          retval = PAM_BUF_ERR;
+          goto done;
+        }
 
       /* user entered their system password followed by generated OTP? */
Added check for strdup failure (by strdup-null-check patch) Resolves: rhbz#1161360 10 years ago			`diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c`
			`index 8379358..e2d3363 100644`
			`--- a/pam_oath/pam_oath.c`
			`+++ b/pam_oath/pam_oath.c`
			`@@ -146,6 +146,12 @@ pam_sm_authenticate (pam_handle_t * pamh,`
			`char *query_prompt = NULL;`
			`char onlypasswd = strdup (""); / empty passwords never match */`

			`+ if (!onlypasswd)`
			`+ {`
			`+ retval = PAM_BUF_ERR;`
			`+ goto done;`
			`+ }`
			`+`
			`parse_cfg (flags, argc, argv, &cfg);`

			`retval = pam_get_user (pamh, &user, NULL);`
			`@@ -265,6 +271,11 @@ pam_sm_authenticate (pam_handle_t * pamh,`
			`{`
			`free (onlypasswd);`
			`onlypasswd = strdup (password);`
			`+ if (!onlypasswd)`
			`+ {`
			`+ retval = PAM_BUF_ERR;`
			`+ goto done;`
			`+ }`

			`/* user entered their system password followed by generated OTP? */`