2 files changed, 5 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 092344a4..3b64040c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 20131219
  - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
    greater than 11 either rather than just 11.  Patch from Tomas Kuthan.
+ - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
+   Patch from Loganaden Velvindron.
 
 20131218
  - (djm) OpenBSD CVS Sync
diff --git a/auth-pam.c b/auth-pam.c
index d51318b3..d789bad7 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -438,8 +438,10 @@ sshpam_thread(void *ctxtp)
 	const char **ptr_pam_user = &pam_user;
 	char *tz = getenv("TZ");
 
-	pam_get_item(sshpam_handle, PAM_USER,
+	sshpam_err = pam_get_item(sshpam_handle, PAM_USER,
 	    (sshpam_const void **)ptr_pam_user);
+	if (sshpam_err != PAM_SUCCESS)
+		goto auth_fail;
 
 	environ[0] = NULL;
 	if (tz != NULL)