From 1c7d757b79a7bfbb9d6b290321c80c0a5643e1b9 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 22 Sep 2023 10:38:46 -0600
Subject: [PATCH] check_user: fix return value for intercept mode

Also use early return on error to quiet a PVS-Studio warning.
---
 plugins/sudoers/check.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c
index 434e3ca14..45351c42d 100644
--- a/plugins/sudoers/check.c
+++ b/plugins/sudoers/check.c
@@ -108,7 +108,7 @@ check_user(struct sudoers_context *ctx, unsigned int validated,
      */
     if (ISSET(ctx->mode, MODE_POLICY_INTERCEPTED)) {
 	if (!def_intercept_authenticate) {
-	    debug_return_int(true);
+	    debug_return_int(AUTH_SUCCESS);
 	}
     }
 
@@ -117,9 +117,11 @@ check_user(struct sudoers_context *ctx, unsigned int validated,
      * Required for proper PAM session support.
      */
     if ((closure.auth_pw = get_authpw(ctx, mode)) == NULL)
-	goto done;
-    if (sudo_auth_init(ctx, closure.auth_pw, mode) != AUTH_SUCCESS)
-	goto done;
+	debug_return_int(AUTH_ERROR);
+    if (sudo_auth_init(ctx, closure.auth_pw, mode) != AUTH_SUCCESS) {
+	sudo_pw_delref(closure.auth_pw);
+	debug_return_int(AUTH_ERROR);
+    }
     closure.ctx = ctx;
 
     /*
@@ -222,8 +224,7 @@ done:
     }
     timestamp_close(closure.cookie);
     sudo_auth_cleanup(ctx, closure.auth_pw, !ISSET(validated, VALIDATE_SUCCESS));
-    if (closure.auth_pw != NULL)
-	sudo_pw_delref(closure.auth_pw);
+    sudo_pw_delref(closure.auth_pw);
 
     debug_return_int(ret);
 }