diff options
| author | Christian Göttsche <cgzones@googlemail.com> | 2023-01-30 17:56:58 +0100 |
|---|---|---|
| committer | Christian Göttsche <cgzones@googlemail.com> | 2023-02-28 15:13:15 +0100 |
| commit | bcba17939e1b1a568cd4a764534cde74d37078cc (patch) | |
| tree | 4f3630f53cd52c2afa59435f5d36db260c1bf4a1 /modules/pam_group | |
| parent | 87ff7a12a55c38873905636eb8d29b4542d828f5 (diff) | |
| download | pam-bcba17939e1b1a568cd4a764534cde74d37078cc.tar.gz pam-bcba17939e1b1a568cd4a764534cde74d37078cc.tar.bz2 pam-bcba17939e1b1a568cd4a764534cde74d37078cc.zip | |
modules: make use of secure memory erasure
Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env:
* erase environment variables where possible
- pam_exec:
* erase responce on error
* erase auth token
- pam_pwhistory:
* erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only
pointers to insensitive data, which also gets free'd afterwards (so
it currently does not protect against double-free or use-after-free on
the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
Diffstat (limited to 'modules/pam_group')
| -rw-r--r-- | modules/pam_group/pam_group.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index c49358a1..6877849e 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -44,6 +44,7 @@ typedef enum { AND, OR } operator; #include <security/_pam_macros.h> #include <security/pam_modutil.h> #include <security/pam_ext.h> +#include "pam_inline.h" /* --- static functions for checking whether the user should be let in --- */ @@ -53,7 +54,7 @@ shift_buf(char *mem, int from) char *start = mem; while ((*mem = mem[from]) != '\0') ++mem; - memset(mem, '\0', PAM_GROUP_BUFLEN - (mem - start)); + pam_overwrite_n(mem, PAM_GROUP_BUFLEN - (mem - start)); return mem; } @@ -114,7 +115,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state, if (i < 0) { pam_syslog(pamh, LOG_ERR, "error reading %s: %m", conf_filename); close(fd); - memset(*buf, 0, PAM_GROUP_BUFLEN); + pam_overwrite_n(*buf, PAM_GROUP_BUFLEN); _pam_drop(*buf); *state = STATE_EOF; return -1; @@ -133,7 +134,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state, return -1; } - memset(to, '\0', PAM_GROUP_BUFLEN - (to - *buf)); + pam_overwrite_n(to, PAM_GROUP_BUFLEN - (to - *buf)); to = *buf; onspace = 1; /* delete any leading spaces */ @@ -744,7 +745,7 @@ static int check_account(pam_handle_t *pamh, const char *service, } if (grps) { /* tidy up */ - memset(grps, 0, sizeof(gid_t) * blk_size(no_grps)); + pam_overwrite_n(grps, sizeof(gid_t) * blk_size(no_grps)); _pam_drop(grps); no_grps = 0; } |