mirrors/xrdp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8fc5610dad
xrdp/sesman
History
matt335672 8fc5610dad
Remove unnecesssary data from struct auth_info (#2438) 
When using PAM authentication, a copy is made of the username and password in the auth_info structure.

The password copy is not cleared from memory when the structure is deallocated. This could mean the password is revealed to an attacker from a coredump.

One solution is to clear the password when the struct is deallocated. However, the username and password in the auth_info struct are only required for the duration of the PAM conversation function. A better solution is to remove the username and password from the auth_info struct entirely, and just use pointers for the duration of the time the callback function is used.
2022-11-28 10:05:20 +00:00
..
chansrv mark count with unused attribute 2022-09-05 22:58:07 -07:00
tools fix typos 2022-09-03 02:01:48 +00:00
access.c sesman : Move global declarations to sesman.h 2022-03-03 17:01:55 +00:00
access.h Eliminate APP_CC and DEFAULT_CC 2017-03-14 00:21:48 -07:00
auth.h Replace various types used for auth_info 2022-09-16 10:46:53 +01:00
config.c Updated session allocation policy for sesman 2022-05-18 12:35:07 +01:00
config.h Updated session allocation policy for sesman 2022-05-18 12:35:07 +01:00
Doxyfile preparing sources to add new sesman control protocol 2006-05-26 13:10:14 +00:00
env.c Moved initgroups call to before auth_start_session() 2022-04-05 16:07:26 +01:00
env.h Eliminate APP_CC and DEFAULT_CC 2017-03-14 00:21:48 -07:00
lock_uds.c fix typos 2022-09-03 02:01:48 +00:00
lock_uds.h Add lock_uds module to sesman 2022-04-18 09:09:46 +01:00
Makefile.am Move SCP to a Unix Domain Socket 2022-04-18 09:12:35 +01:00
notes.txt Move sesman to new SCP interface 2022-03-15 10:45:00 +00:00
reconnectwm.sh sesman: install empty reconnectwm.sh as a template 2017-06-20 13:40:05 +09:00
scp_process.c Replace various types used for auth_info 2022-09-16 10:46:53 +01:00
scp_process.h Move sesman to new SCP interface 2022-03-15 10:45:00 +00:00
sesman.c Add --reload option to sesman 2022-11-09 09:46:36 +00:00
sesman.h Move sesman to new SCP interface 2022-03-15 10:45:00 +00:00
sesman.ini.in fix typos 2022-09-03 02:01:48 +00:00
session.c Replace various types used for auth_info 2022-09-16 10:46:53 +01:00
session.h Replace various types used for auth_info 2022-09-16 10:46:53 +01:00
sig.c Move SCP to a Unix Domain Socket 2022-04-18 09:12:35 +01:00
sig.h Fix signal handling in sesman 2022-03-04 11:37:45 +00:00
startwm.sh fix typos 2022-09-03 02:01:48 +00:00
verify_user_bsd.c Replace various types used for auth_info 2022-09-16 10:46:53 +01:00
verify_user_kerberos.c Replace various types used for auth_info 2022-09-16 10:46:53 +01:00
verify_user_pam_userpass.c Replace various types used for auth_info 2022-09-16 10:46:53 +01:00
verify_user_pam.c Remove unnecesssary data from struct auth_info (#2438) 2022-11-28 10:05:20 +00:00
verify_user.c Replace various types used for auth_info 2022-09-16 10:46:53 +01:00
xauth.c Moved a lot of string funcs to string_calls module 2020-12-22 11:57:24 +00:00
xauth.h Eliminate APP_CC and DEFAULT_CC 2017-03-14 00:21:48 -07:00