pam_unix: clean additional possible sensitive buffers

author: Christian Göttsche <cgzones@googlemail.com> 2024-01-04 18:24:05 +0100
committer: Dmitry V. Levin <ldv@strace.io> 2024-01-15 20:01:23 +0000
commit: d5c01cfd6e47503fb597c5568f43cdf079a30719 (patch)
tree: 66a50558ea70bd15435df02e57d4ce4de496c80e /modules/pam_unix/bigcrypt.c
parent: 05d50c9f29ef1a1c897feb604c0595142840a93e (diff)
download: pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.tar.gz
pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.tar.bz2
pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index f7c35a47..be7cdb93 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -107,6 +107,7 @@ char *bigcrypt(const char *key, const char *salt)
 	tmp_ptr = crypt(plaintext_ptr, salt);	/* libc crypt() */
 #endif
 	if (tmp_ptr == NULL) {
+		pam_overwrite_array(keybuf);
 		free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
 		free(cdata);
@@ -136,6 +137,7 @@ char *bigcrypt(const char *key, const char *salt)
 			tmp_ptr = crypt(plaintext_ptr, salt_ptr);
 #endif
 			if (tmp_ptr == NULL) {
+				pam_overwrite_array(keybuf);
 				pam_overwrite_string(dec_c2_cryptbuf);
 				free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
@@ -156,6 +158,7 @@ char *bigcrypt(const char *key, const char *salt)
 	}
 	D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf));
 
+	pam_overwrite_array(keybuf);
 #ifdef HAVE_CRYPT_R
 	pam_overwrite_object(cdata);
 	free(cdata);
author	Christian Göttsche <cgzones@googlemail.com>	2024-01-04 18:24:05 +0100
committer	Dmitry V. Levin <ldv@strace.io>	2024-01-15 20:01:23 +0000
commit	d5c01cfd6e47503fb597c5568f43cdf079a30719 (patch)
tree	66a50558ea70bd15435df02e57d4ce4de496c80e /modules/pam_unix/bigcrypt.c
parent	05d50c9f29ef1a1c897feb604c0595142840a93e (diff)
download	pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.tar.gz pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.tar.bz2 pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.zip