From 09659874cc6cc3ab21314dc3b24a2db1bc77c46c Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fabian@ritter-vogt.de>
Date: Mon, 13 Mar 2023 10:09:10 +0100
Subject: [PATCH 2/4] Don't do anything if the password is empty

If for some reason the password is empty (bug or intentionally configured),
avoid creating a possibly insecure hash.
---
 pam_kwallet.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pam_kwallet.c b/pam_kwallet.c
index 31e93aa..2cd3758 100644
--- a/pam_kwallet.c
+++ b/pam_kwallet.c
@@ -294,6 +294,11 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
         return PAM_IGNORE;
     }
 
+    if (password[0] == '\0') {
+        pam_syslog(pamh, LOG_NOTICE, "%s: Empty or missing password, doing nothing", logPrefix);
+        return PAM_IGNORE;
+    }
+
     char *key = strdup(password);
     result = pam_set_data(pamh, kwalletPamDataKey, key, cleanup_free);
 
-- 
2.39.2