diff options
| author | Christian Göttsche <cgzones@googlemail.com> | 2023-01-30 17:55:27 +0100 |
|---|---|---|
| committer | Christian Göttsche <cgzones@googlemail.com> | 2023-02-28 15:13:15 +0100 |
| commit | e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4 (patch) | |
| tree | 77a5a3305062243a0a9e76cd52be77a83bb0da76 /libpam/pam_get_authtok.c | |
| parent | 19a29268178951988eca29a7830f24bfef300c3c (diff) | |
| download | pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.tar.gz pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.tar.bz2 pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.zip | |
libpam: make use of secure memory erasure
Non trivial changes:
- erase responses in pam_get_authtok_internal() on error branch
Diffstat (limited to 'libpam/pam_get_authtok.c')
| -rw-r--r-- | libpam/pam_get_authtok.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/libpam/pam_get_authtok.c b/libpam/pam_get_authtok.c index 3fa7f7df..3f383339 100644 --- a/libpam/pam_get_authtok.c +++ b/libpam/pam_get_authtok.c @@ -33,6 +33,7 @@ #include "config.h" #include "pam_private.h" +#include "pam_inline.h" #include <security/pam_ext.h> @@ -174,6 +175,10 @@ pam_get_authtok_internal (pam_handle_t *pamh, int item, (chpass > 1 && resp[1] == NULL)) { /* We want to abort */ + pam_overwrite_string (resp[0]); + _pam_drop (resp[0]); + pam_overwrite_string (resp[1]); + _pam_drop (resp[1]); if (chpass) pam_error (pamh, _("Password change has been aborted.")); return PAM_AUTHTOK_ERR; @@ -182,18 +187,18 @@ pam_get_authtok_internal (pam_handle_t *pamh, int item, if (chpass > 1 && strcmp (resp[0], resp[1]) != 0) { pam_error (pamh, MISTYPED_PASS); - _pam_overwrite (resp[0]); + pam_overwrite_string (resp[0]); _pam_drop (resp[0]); - _pam_overwrite (resp[1]); + pam_overwrite_string (resp[1]); _pam_drop (resp[1]); return PAM_TRY_AGAIN; } - _pam_overwrite (resp[1]); + pam_overwrite_string (resp[1]); _pam_drop (resp[1]); retval = pam_set_item (pamh, item, resp[0]); - _pam_overwrite (resp[0]); + pam_overwrite_string (resp[0]); _pam_drop (resp[0]); if (retval != PAM_SUCCESS) return retval; @@ -263,13 +268,13 @@ pam_get_authtok_verify (pam_handle_t *pamh, const char **authtok, { pam_set_item (pamh, PAM_AUTHTOK, NULL); pam_error (pamh, MISTYPED_PASS); - _pam_overwrite (resp); + pam_overwrite_string (resp); _pam_drop (resp); return PAM_TRY_AGAIN; } retval = pam_set_item (pamh, PAM_AUTHTOK, resp); - _pam_overwrite (resp); + pam_overwrite_string (resp); _pam_drop (resp); if (retval != PAM_SUCCESS) return retval; |