diff options
| author | Sam Hartman <hartmans@debian.org> | 2024-02-27 21:25:44 -0700 |
|---|---|---|
| committer | Sam Hartman <hartmans@debian.org> | 2024-02-27 21:25:44 -0700 |
| commit | 58c5a173ca608476917893e9054cf3d53d0b0744 (patch) | |
| tree | c5d2ab69a993c150f48f705bff9d76c1139f1e33 /modules/pam_timestamp/hmac_openssl_wrapper.c | |
| parent | 80d000dd6637be445a9a0fd930de765cc40352da (diff) | |
| parent | 56cd5768b32fd97a7156977dcbbd40715e158e9c (diff) | |
| download | pam-58c5a173ca608476917893e9054cf3d53d0b0744.tar.gz pam-58c5a173ca608476917893e9054cf3d53d0b0744.tar.bz2 pam-58c5a173ca608476917893e9054cf3d53d0b0744.zip | |
Merge in 1.5.3 from experimental
Diffstat (limited to 'modules/pam_timestamp/hmac_openssl_wrapper.c')
| -rw-r--r-- | modules/pam_timestamp/hmac_openssl_wrapper.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c index 926c2fb9..2549c1db 100644 --- a/modules/pam_timestamp/hmac_openssl_wrapper.c +++ b/modules/pam_timestamp/hmac_openssl_wrapper.c @@ -54,6 +54,7 @@ #include <security/pam_modutil.h> #include "hmac_openssl_wrapper.h" +#include "pam_inline.h" #define LOGIN_DEFS "/etc/login.defs" #define CRYPTO_KEY "HMAC_CRYPTO_ALGO" @@ -144,7 +145,7 @@ read_file(pam_handle_t *pamh, int fd, char **text, size_t *text_length) if (bytes_read < (size_t)st.st_size) { pam_syslog(pamh, LOG_ERR, "Short read on key file"); - memset(tmp, 0, st.st_size); + pam_overwrite_n(tmp, st.st_size); free(tmp); return PAM_AUTH_ERR; } @@ -167,14 +168,14 @@ write_file(pam_handle_t *pamh, const char *file_name, char *text, S_IRUSR | S_IWUSR); if (fd == -1) { pam_syslog(pamh, LOG_ERR, "Unable to open [%s]: %m", file_name); - memset(text, 0, text_length); + pam_overwrite_n(text, text_length); free(text); return PAM_AUTH_ERR; } if (fchown(fd, owner, group) == -1) { pam_syslog(pamh, LOG_ERR, "Unable to change ownership [%s]: %m", file_name); - memset(text, 0, text_length); + pam_overwrite_n(text, text_length); free(text); close(fd); return PAM_AUTH_ERR; @@ -294,7 +295,7 @@ done: free(hmac_message); } if (key != NULL) { - memset(key, 0, key_length); + pam_overwrite_n(key, key_length); free(key); } if (ctx != NULL) { |