libpam: make use of secure memory erasure

Non trivial changes: - erase responses in pam_get_authtok_internal() on error branch
author: Christian Göttsche <cgzones@googlemail.com> 2023-01-30 17:55:27 +0100
committer: Christian Göttsche <cgzones@googlemail.com> 2023-02-28 15:13:15 +0100
commit: e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4 (patch)
tree: 77a5a3305062243a0a9e76cd52be77a83bb0da76 /libpam/pam_vprompt.c
parent: 19a29268178951988eca29a7830f24bfef300c3c (diff)
download: pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.tar.gz
pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.tar.bz2
pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/libpam/pam_vprompt.c b/libpam/pam_vprompt.c
index c53079b5..8c9d63d5 100644
--- a/libpam/pam_vprompt.c
+++ b/libpam/pam_vprompt.c
@@ -40,10 +40,10 @@
 #include <errno.h>
 
 #include <security/pam_modules.h>
-#include <security/_pam_macros.h>
 #include <security/pam_ext.h>
 
 #include "pam_private.h"
+#include "pam_inline.h"
 
 int
 pam_vprompt (pam_handle_t *pamh, int style, char **response,
@@ -88,10 +88,10 @@ pam_vprompt (pam_handle_t *pamh, int style, char **response,
     *response = pam_resp == NULL ? NULL : pam_resp->resp;
   else if (pam_resp && pam_resp->resp)
     {
-      _pam_overwrite (pam_resp->resp);
+      pam_overwrite_string (pam_resp->resp);
       _pam_drop (pam_resp->resp);
     }
-  _pam_overwrite (msgbuf);
+  pam_overwrite_string (msgbuf);
   _pam_drop (pam_resp);
   free (msgbuf);
   if (retval != PAM_SUCCESS)
author	Christian Göttsche <cgzones@googlemail.com>	2023-01-30 17:55:27 +0100
committer	Christian Göttsche <cgzones@googlemail.com>	2023-02-28 15:13:15 +0100
commit	e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4 (patch)
tree	77a5a3305062243a0a9e76cd52be77a83bb0da76 /libpam/pam_vprompt.c
parent	19a29268178951988eca29a7830f24bfef300c3c (diff)
download	pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.tar.gz pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.tar.bz2 pam-e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4.zip