author | Christian Göttsche <cgzones@googlemail.com> | 2024-01-16 15:12:58 +0100 |
---|---|---|
committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-21 08:00:00 +0000 |
commit | 0e80c788850c4a699e4bfb3ab7b44e354b8fdfd7 (patch) | |
tree | 854b6c8e6b0c3c5e99d604efb5b1e381b5fd915a | |
parent | 63476f211a8c02bcd24786a1373012d1831774ec (diff) | |
modules: zero out crypt_r(3) data before usage
The manual page of crypt_r(3) recommends zeroing the entire data object.
-rw-r--r-- | modules/pam_pwhistory/opasswd.c | 4 | ||||
-rw-r--r-- | modules/pam_unix/bigcrypt.c | 3 | ||||
-rw-r--r-- | modules/pam_unix/passverify.c | 6 | ||||
-rw-r--r-- | modules/pam_userdb/pam_userdb.c | 3 |
4 files changed, 5 insertions, 11 deletions
diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
index b7711e03..a4bcbaae 100644
--- a/modules/pam_pwhistory/opasswd.c
+++ b/modules/pam_pwhistory/opasswd.c
@@ -127,9 +127,7 @@ compare_password(const char *newpass, const char *oldpass)
 char *outval;
 int retval;
 #ifdef HAVE_CRYPT_R
- struct crypt_data output;
-
- output.initialized = 0;
+ struct crypt_data output = { 0 };

 outval = crypt_r (newpass, oldpass, &output);
 #else
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index be7cdb93..1b32c3f2 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -67,12 +67,11 @@ char *bigcrypt(const char *key, const char *salt)
 return NULL;
 }
 #ifdef HAVE_CRYPT_R
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
 if(!cdata) {
 free(dec_c2_cryptbuf);
 return NULL;
 }
- cdata->initialized = 0;
 #endif

 /* fill KEYBUF_SIZE with key */
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 1bc98fa2..30045333 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -144,9 +144,8 @@ PAMH_ARG_DECL(int verify_pwd_hash,
 #endif
 #ifdef HAVE_CRYPT_R
 struct crypt_data *cdata;
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
 if (cdata != NULL) {
- cdata->initialized = 0;
 pp = x_strdup(crypt_r(p, hash, cdata));
 pam_overwrite_object(cdata);
 free(cdata);
@@ -503,9 +502,8 @@ PAMH_ARG_DECL(char * create_password_hash,
 #endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */
 #ifdef HAVE_CRYPT_R
 sp = NULL;
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
 if (cdata != NULL) {
- cdata->initialized = 0;
 sp = crypt_r(password, salt, cdata);
 }
 #else
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index 0b5e5965..7e1407f4 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
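Review bot: In compare_password (opasswd.c) the zeroed `struct crypt_data output` is a stack object that still holds the computed hash and crypt_r's working state after the call, and nothing in the hunk scrubs it. verify_pwd_hash in passverify.c calls `pam_overwrite_object(cdata);` before `free(cdata);`, but this hunk, the create_password_hash hunk and the user_lookup hunk in pam_userdb.c show no matching wipe. All three functions continue outside their hunks, so the wipe may already happen there; if it does not, add `pam_overwrite_object(&output);` once `outval` has been compared. A short comment such as `/* outval points into output; wipe output after the comparison */` would record the lifetime for the next maintainer.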
@@ -287,11 +287,10 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 } else {
 #ifdef HAVE_CRYPT_R
 struct crypt_data *cdata = NULL;
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
 if (cdata == NULL) {
 pam_syslog(pamh, LOG_CRIT, "malloc failed: struct crypt_data");
 } else {
- cdata->initialized = 0;
 cryptpw = crypt_r(pass, pwhash, cdata);
 }
 #else
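Review bot: The failure message in user_lookup still reads `"malloc failed: struct crypt_data"` although the allocation on the line above is now `calloc`, so anyone matching a logged error against the source will look for the wrong call. Suggest `pam_syslog(pamh, LOG_CRIT, "calloc failed: struct crypt_data");` or an allocator-neutral wording such as `"out of memory: struct crypt_data"`. The enclosing function starts and ends outside the hunk.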