libpam_misc: make use of secure memory erasure

author: Christian Göttsche <cgzones@googlemail.com> 2023-01-30 17:55:27 +0100
committer: Christian Göttsche <cgzones@googlemail.com> 2023-02-28 15:13:15 +0100
commit: dd733a5214fc3ef391a74e94f2c62ffa3000722b (patch)
tree: b48cdc2ce81979699a20417a46a36e432f9f9bce /libpam_misc
parent: e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4 (diff)
download: pam-dd733a5214fc3ef391a74e94f2c62ffa3000722b.tar.gz
pam-dd733a5214fc3ef391a74e94f2c62ffa3000722b.tar.bz2
pam-dd733a5214fc3ef391a74e94f2c62ffa3000722b.zip
2 files changed, 8 insertions, 6 deletions
diff --git a/libpam_misc/help_env.c b/libpam_misc/help_env.c
index 601c5f41..b01c9f71 100644
--- a/libpam_misc/help_env.c
+++ b/libpam_misc/help_env.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <security/pam_misc.h>
+#include "pam_inline.h"
 
 /*
  * This function should be used to carefully dispose of the copied
@@ -25,7 +26,7 @@ char **pam_misc_drop_env(char **dump)
 
     for (i=0; dump[i] != NULL; ++i) {
 	D(("dump[%d]=`%s'", i, dump[i]));
-	_pam_overwrite(dump[i]);
+	pam_overwrite_string(dump[i]);
 	_pam_drop(dump[i]);
     }
     _pam_drop(dump);
@@ -77,7 +78,7 @@ int pam_misc_setenv(pam_handle_t *pamh, const char *name
     if (asprintf(&tmp, "%s=%s", name, value) >= 0) {
 	D(("pam_putt()ing: %s", tmp));
 	retval = pam_putenv(pamh, tmp);
-	_pam_overwrite(tmp);                 /* purge */
+	pam_overwrite_string(tmp);           /* purge */
 	_pam_drop(tmp);                      /* forget */
     } else {
 	D(("malloc failure"));
diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
index 908ee890..dbcd6aec 100644
--- a/libpam_misc/misc_conv.c
+++ b/libpam_misc/misc_conv.c
@@ -17,6 +17,7 @@
 
 #include <security/pam_appl.h>
 #include <security/pam_misc.h>
+#include "pam_inline.h"
 
 #define INPUTSIZE PAM_MISC_CONV_BUFSIZE      /* maximum length of input+1 */
 #define CONV_ECHO_ON  1                            /* types of echo state */
@@ -185,7 +186,7 @@ static int read_string(int echo, const char *prompt, char **retstr)
 		    int rv;
 		    if ((rv=read(STDIN_FILENO, line+nc, 1)) != 1) {
 			if (rv < 0) {
-			    _pam_overwrite_n(line, (unsigned int) nc);
+			    pam_overwrite_n(line, (unsigned int) nc);
 			    nc = rv;
 			}
 			break;
@@ -213,7 +214,7 @@ static int read_string(int echo, const char *prompt, char **retstr)
 		    line[nc] = '\0';
 		}
 		*retstr = strdup(line);
-		_pam_overwrite(line);
+		pam_overwrite_array(line);
 		if (!*retstr) {
 		    D(("no memory for response string"));
 		    nc = -1;
@@ -246,7 +247,7 @@ static int read_string(int echo, const char *prompt, char **retstr)
     D(("the timer appears to have expired"));
 
     *retstr = NULL;
-    _pam_overwrite_n(line, sizeof(line));
+    pam_overwrite_array(line);
 
  cleanexit:
 
@@ -376,7 +377,7 @@ failed_conversation:
 	    switch (msgm[count]->msg_style) {
 	    case PAM_PROMPT_ECHO_ON:
 	    case PAM_PROMPT_ECHO_OFF:
-		_pam_overwrite(reply[count].resp);
+		pam_overwrite_string(reply[count].resp);
 		free(reply[count].resp);
 		break;
 	    case PAM_BINARY_PROMPT:
author	Christian Göttsche <cgzones@googlemail.com>	2023-01-30 17:55:27 +0100
committer	Christian Göttsche <cgzones@googlemail.com>	2023-02-28 15:13:15 +0100
commit	dd733a5214fc3ef391a74e94f2c62ffa3000722b (patch)
tree	b48cdc2ce81979699a20417a46a36e432f9f9bce /libpam_misc
parent	e2d01a42c16e0d074764c3e8d2f6a2e6c0ceafc4 (diff)
download	pam-dd733a5214fc3ef391a74e94f2c62ffa3000722b.tar.gz pam-dd733a5214fc3ef391a74e94f2c62ffa3000722b.tar.bz2 pam-dd733a5214fc3ef391a74e94f2c62ffa3000722b.zip