pam_timestamp: allocate memory before opening /dev/urandom

It's handy to have the memory allocated before trying several methods
of obtaining randomness that are going to be introduced by subsequent
commits.

* modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key):
Allocate memory before trying to open /dev/urandom.

1 files changed, 9 insertions, 8 deletions

diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c
index b2aeda21..2f015c6a 100644
--- a/modules/pam_timestamp/hmac_openssl_wrapper.c
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.c
@@ -85,18 +85,19 @@ generate_key(pam_handle_t *pamh, char **key, size_t key_size)
 {
     int fd = 0;
     ssize_t bytes_read = 0;
-    char * tmp = NULL;
-
-    fd = open("/dev/urandom", O_RDONLY);
-    if (fd == -1) {
-        pam_syslog(pamh, LOG_ERR, "Cannot open /dev/urandom: %m");
-        return PAM_AUTH_ERR;
-    }
+    char *tmp = *key = NULL;
 
     tmp = malloc(key_size);
     if (!tmp) {
         pam_syslog(pamh, LOG_CRIT, "Not enough memory");
-        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    fd = open("/dev/urandom", O_RDONLY);
+    if (fd == -1) {
+        pam_syslog(pamh, LOG_ERR, "Cannot open /dev/urandom: %m");
+        pam_overwrite_n(tmp, key_size);
+        free(tmp);
         return PAM_AUTH_ERR;
     }