pam_exec: fix segfault when authtok is null

According to pam_exec(8), the `expose_authtok` option should be ignored
when the service function is `pam_sm_setcred`. Currently `pam_exec` only
prevent prompt for anth token when `expose_authtok` is set on
`pam_sm_setcred`. This subsequently led to segfault when there isn't an
existing auth token available.

Bug reported on this: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893

After reading https://reviews.freebsd.org/rS349556 I am not sure if the
default behaviour supposed to be simply not prompt for authentication
token, or is it to ignore the option entirely as stated in the man page.

This patch is therefore only adding an additional NULL check on the item
`pam_get_item` provide, and exit with `PAM_SYSTEM_ERR` when such item is
NULL.

MFC after:	1 week
Reviewed by:	des, khng
Differential Revision:	https://reviews.freebsd.org/D35169

1 files changed, 7 insertions, 0 deletions

diff --git a/lib/libpam/modules/pam_exec/pam_exec.c b/lib/libpam/modules/pam_exec/pam_exec.c
index b8f2e1d8fdfc..ef2680d80525 100644
--- a/lib/libpam/modules/pam_exec/pam_exec.c
+++ b/lib/libpam/modules/pam_exec/pam_exec.c
@@ -261,6 +261,13 @@ _pam_exec(pam_handle_t *pamh,
 			/* don't prompt, only expose existing token */
 			rc = pam_get_item(pamh, PAM_AUTHTOK, &item);
 			authtok = item;
+			if (authtok == NULL && rc == PAM_SUCCESS) {
+				openpam_log(PAM_LOG_ERROR, 
+				    "%s: pam_get_authtok(): %s",
+				    func, "authentication token not available");
+				OUT(PAM_SYSTEM_ERR);
+			}
+
 		} else {
 			rc = pam_get_authtok(pamh, PAM_AUTHTOK, &authtok, NULL);
 		}