From b77232adfe7023f578332d77c453c20ce2b3ad3c Mon Sep 17 00:00:00 2001
From: Don Lewis <truckman@FreeBSD.org>
Date: Mon, 23 May 2016 05:14:26 +0000
Subject: [PATCH] MFC r299948

Set retval in the empty password case to avoid a path through the
code that fails to set retval before falling through to the final
return().

Reported by:	emaste
Reported by:	Coverity
CID:		1018711
---
 lib/libpam/modules/pam_unix/pam_unix.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
index 8c6b822aa743..5403d5d555e2 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.c
+++ b/lib/libpam/modules/pam_unix/pam_unix.c
@@ -332,6 +332,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 			 * XXX check PAM_DISALLOW_NULL_AUTHTOK
 			 */
 			old_pass = "";
+			retval = PAM_SUCCESS;
 		} else {
 			retval = pam_get_authtok(pamh,
 			    PAM_OLDAUTHTOK, &old_pass, NULL);