diff options
| author | Christian Göttsche <cgzones@googlemail.com> | 2023-01-30 17:56:58 +0100 |
|---|---|---|
| committer | Christian Göttsche <cgzones@googlemail.com> | 2023-02-28 15:13:15 +0100 |
| commit | bcba17939e1b1a568cd4a764534cde74d37078cc (patch) | |
| tree | 4f3630f53cd52c2afa59435f5d36db260c1bf4a1 /modules/pam_timestamp/hmac_openssl_wrapper.c | |
| parent | 87ff7a12a55c38873905636eb8d29b4542d828f5 (diff) | |
| download | pam-bcba17939e1b1a568cd4a764534cde74d37078cc.tar.gz pam-bcba17939e1b1a568cd4a764534cde74d37078cc.tar.bz2 pam-bcba17939e1b1a568cd4a764534cde74d37078cc.zip | |
modules: make use of secure memory erasure
Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env:
* erase environment variables where possible
- pam_exec:
* erase responce on error
* erase auth token
- pam_pwhistory:
* erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only
pointers to insensitive data, which also gets free'd afterwards (so
it currently does not protect against double-free or use-after-free on
the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
Diffstat (limited to 'modules/pam_timestamp/hmac_openssl_wrapper.c')
| -rw-r--r-- | modules/pam_timestamp/hmac_openssl_wrapper.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c index 926c2fb9..df772d60 100644 --- a/modules/pam_timestamp/hmac_openssl_wrapper.c +++ b/modules/pam_timestamp/hmac_openssl_wrapper.c @@ -144,7 +144,7 @@ read_file(pam_handle_t *pamh, int fd, char **text, size_t *text_length) if (bytes_read < (size_t)st.st_size) { pam_syslog(pamh, LOG_ERR, "Short read on key file"); - memset(tmp, 0, st.st_size); + pam_overwrite_n(tmp, st.st_size); free(tmp); return PAM_AUTH_ERR; } @@ -167,14 +167,14 @@ write_file(pam_handle_t *pamh, const char *file_name, char *text, S_IRUSR | S_IWUSR); if (fd == -1) { pam_syslog(pamh, LOG_ERR, "Unable to open [%s]: %m", file_name); - memset(text, 0, text_length); + pam_overwrite_n(text, text_length); free(text); return PAM_AUTH_ERR; } if (fchown(fd, owner, group) == -1) { pam_syslog(pamh, LOG_ERR, "Unable to change ownership [%s]: %m", file_name); - memset(text, 0, text_length); + pam_overwrite_n(text, text_length); free(text); close(fd); return PAM_AUTH_ERR; @@ -294,7 +294,7 @@ done: free(hmac_message); } if (key != NULL) { - memset(key, 0, key_length); + pam_overwrite_n(key, key_length); free(key); } if (ctx != NULL) { |