diff options
| author | Christian Göttsche <cgzones@googlemail.com> | 2023-01-30 17:55:27 +0100 |
|---|---|---|
| committer | Christian Göttsche <cgzones@googlemail.com> | 2023-02-28 15:13:15 +0100 |
| commit | e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4 (patch) | |
| tree | 77a5a3305062243a0a9e76cd52be77a83bb0da76 /libpam/pam_item.c | |
| parent | 19a29268178951988eca29a7830f24bfef300c3c (diff) | |
| download | pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.tar.gz pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.tar.bz2 pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.zip | |
libpam: make use of secure memory erasure
Non trivial changes:
- erase responses in pam_get_authtok_internal() on error branch
Diffstat (limited to 'libpam/pam_item.c')
| -rw-r--r-- | libpam/pam_item.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/libpam/pam_item.c b/libpam/pam_item.c index d6af710b..42857da5 100644 --- a/libpam/pam_item.c +++ b/libpam/pam_item.c @@ -5,6 +5,7 @@ */ #include "pam_private.h" +#include "pam_inline.h" #include <ctype.h> #include <stdlib.h> @@ -79,7 +80,7 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) */ if (__PAM_FROM_MODULE(pamh)) { if (pamh->authtok != item) { - _pam_overwrite(pamh->authtok); + pam_overwrite_string(pamh->authtok); TRY_SET(pamh->authtok, item); } } else { @@ -95,7 +96,7 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) */ if (__PAM_FROM_MODULE(pamh)) { if (pamh->oldauthtok != item) { - _pam_overwrite(pamh->oldauthtok); + pam_overwrite_string(pamh->oldauthtok); TRY_SET(pamh->oldauthtok, item); } } else { @@ -139,24 +140,23 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) if (&pamh->xauth == item) break; if (pamh->xauth.namelen) { - _pam_overwrite(pamh->xauth.name); + pam_overwrite_string(pamh->xauth.name); free(pamh->xauth.name); } if (pamh->xauth.datalen) { - _pam_overwrite_n(pamh->xauth.data, - (unsigned int) pamh->xauth.datalen); + pam_overwrite_n(pamh->xauth.data, (unsigned int) pamh->xauth.datalen); free(pamh->xauth.data); } pamh->xauth = *((const struct pam_xauth_data *) item); if ((pamh->xauth.name=_pam_strdup(pamh->xauth.name)) == NULL) { - memset(&pamh->xauth, '\0', sizeof(pamh->xauth)); + pam_overwrite_object(&pamh->xauth); return PAM_BUF_ERR; } if ((pamh->xauth.data=_pam_memdup(pamh->xauth.data, pamh->xauth.datalen)) == NULL) { - _pam_overwrite(pamh->xauth.name); + pam_overwrite_string(pamh->xauth.name); free(pamh->xauth.name); - memset(&pamh->xauth, '\0', sizeof(pamh->xauth)); + pam_overwrite_object(&pamh->xauth); return PAM_BUF_ERR; } break; @@ -330,7 +330,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) /* ok, we can resume where we left off last time */ pamh->former.want_user = PAM_FALSE; - _pam_overwrite(pamh->former.prompt); + pam_overwrite_string(pamh->former.prompt); _pam_drop(pamh->former.prompt); } @@ -388,7 +388,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) * note 'resp' is allocated by the application and is * correctly free()'d here */ - _pam_drop_reply(resp, 1); + pam_drop_response(resp, 1); } D(("completed")); |