From ea9421342eb381aa43eafd95bef298cbc8979368 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Jun 03 2016 07:49:44 +0000
Subject: Coverity: dereference in pam_ssh_agent_auth

Upstream: https://sourceforge.net/p/pamsshagentauth/bugs/22/

---

diff --git a/openssh.spec b/openssh.spec
index 1321581..439906e 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -121,6 +121,9 @@ Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
 Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch
 # remove prefixes to be able to build against current openssh library
 Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
+# Fix NULL dereference from getpwuid() return value
+# https://sourceforge.net/p/pamsshagentauth/bugs/22/
+Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
 
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
 Patch400: openssh-6.6p1-role-mls.patch
@@ -411,6 +414,7 @@ pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 %patch302 -p2 -b .psaa-visibility
 %patch306 -p2 -b .psaa-compat
 %patch305 -p2 -b .psaa-agent
+%patch307 -p2 -b .psaa-deref
 # Remove duplicate headers and library files
 rm -f $(cat %{SOURCE5})
 popd
diff --git a/pam_ssh_agent_auth-0.10.2-dereference.patch b/pam_ssh_agent_auth-0.10.2-dereference.patch
new file mode 100644
index 0000000..e3c411f
--- /dev/null
+++ b/pam_ssh_agent_auth-0.10.2-dereference.patch
@@ -0,0 +1,23 @@
+
+--- openssh-6.6p1/pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c.psaa-command	2016-04-20 09:31:32.164686370 +0200
++++ openssh-6.6p1/pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c	2016-04-20 09:35:49.778344576 +0200
+@@ -145,11 +145,14 @@
+ int
+ pam_user_key_allowed(const char *ruser, Key * key)
+ {
+-    return
+-        pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid),
+-                                          key, authorized_keys_file)
+-        || pamsshagentauth_user_key_allowed2(getpwuid(0), key,
+-                                             authorized_keys_file)
++    struct passwd *file_pw, *root_pw;
++    file_pw = getpwuid(authorized_keys_file_allowed_owner_uid);
++    root_pw = getpwuid(0);
++    return
++        (file_pw != NULL &&
++            pamsshagentauth_user_key_allowed2(file_pw, key, authorized_keys_file))
++        || (root_pw != NULL &&
++            pamsshagentauth_user_key_allowed2(root_pw, key, authorized_keys_file))
+         || pamsshagentauth_user_key_command_allowed2(authorized_keys_command,
+                                                      authorized_keys_command_user,
+                                                      getpwnam(ruser), key);