pam_timestamp: use secure memory erasure

Closes: #575
author: Christian Göttsche <cgzones@googlemail.com> 2023-08-07 12:57:38 +0200
committer: Dmitry V. Levin <ldv@strace.io> 2023-08-07 13:10:27 +0000
commit: 05b7aa13d9cc57ac6d303937e630e92d94825ee5 (patch)
tree: 2737a59afc19f8285abc0a0ed87b384f1a58cf0d
parent: 72d49e31715346246723ae9d95d2891f77cb1c9e (diff)
download: pam-05b7aa13d9cc57ac6d303937e630e92d94825ee5.tar.gz
pam-05b7aa13d9cc57ac6d303937e630e92d94825ee5.tar.bz2
pam-05b7aa13d9cc57ac6d303937e630e92d94825ee5.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/modules/pam_timestamp/sha1.c b/modules/pam_timestamp/sha1.c
index 2adb5a3b..dff454cf 100644
--- a/modules/pam_timestamp/sha1.c
+++ b/modules/pam_timestamp/sha1.c
@@ -47,6 +47,7 @@
 #include <endian.h>
 #include <unistd.h>
 #include "sha1.h"
+#include "pam_inline.h"
 
 static const unsigned char
 padding[SHA1_BLOCK_SIZE] = {
@@ -142,8 +143,8 @@ sha1_process(struct sha1_context *ctx, uint32_t buffer[SHA1_BLOCK_SIZE / 4])
 	ctx->d += d;
 	ctx->e += e;
 
-	memset(buffer, 0, sizeof(buffer[0]) * SHA1_BLOCK_SIZE / 4);
-	memset(data, 0, sizeof(data));
+	pam_overwrite_n(buffer, sizeof(buffer[0]) * SHA1_BLOCK_SIZE / 4);
+	pam_overwrite_array(data);
 }
 
 void
author	Christian Göttsche <cgzones@googlemail.com>	2023-08-07 12:57:38 +0200
committer	Dmitry V. Levin <ldv@strace.io>	2023-08-07 13:10:27 +0000
commit	05b7aa13d9cc57ac6d303937e630e92d94825ee5 (patch)
tree	2737a59afc19f8285abc0a0ed87b384f1a58cf0d
parent	72d49e31715346246723ae9d95d2891f77cb1c9e (diff)
download	pam-05b7aa13d9cc57ac6d303937e630e92d94825ee5.tar.gz pam-05b7aa13d9cc57ac6d303937e630e92d94825ee5.tar.bz2 pam-05b7aa13d9cc57ac6d303937e630e92d94825ee5.zip