Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

While openpam overwrites possible sensitive data on cleanup, it misses 

the buffers used in the password dialog. Clean them too.
This commit is contained in:
drochner 2008-07-16 18:20:17 +00:00
parent 1f6364ac89
commit 0a06aa4eeb
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
dist/openpam/lib/pam_get_authtok.c vendored
View File

@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: pam_get_authtok.c,v 1.4 2008/01/27 01:23:00 christos Exp $
* $Id: pam_get_authtok.c,v 1.5 2008/07/16 18:20:17 drochner Exp $
*/
#include <sys/param.h>
@ -114,16 +114,21 @@ pam_get_authtok(pam_handle_t *pamh,
if (twice) {
r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
if (r != PAM_SUCCESS) {
memset(resp, 0, strlen(resp));
FREE(resp);
RETURNC(r);
}
if (strcmp(resp, resp2) != 0)
if (strcmp(resp, resp2) != 0) {
memset(resp, 0, strlen(resp));
FREE(resp);
}
memset(resp2, 0, strlen(resp2));
FREE(resp2);
}
if (resp == NULL)
RETURNC(PAM_TRY_AGAIN);
r = pam_set_item(pamh, item, resp);
memset(resp, 0, strlen(resp));
FREE(resp);
if (r != PAM_SUCCESS)
RETURNC(r);