aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_unix/bigcrypt.c
diff options
context:
space:
mode:
authorSam Hartman <hartmans@debian.org>2024-02-27 21:25:44 -0700
committerSam Hartman <hartmans@debian.org>2024-02-27 21:25:44 -0700
commit58c5a173ca608476917893e9054cf3d53d0b0744 (patch)
treec5d2ab69a993c150f48f705bff9d76c1139f1e33 /modules/pam_unix/bigcrypt.c
parent80d000dd6637be445a9a0fd930de765cc40352da (diff)
parent56cd5768b32fd97a7156977dcbbd40715e158e9c (diff)
downloadpam-58c5a173ca608476917893e9054cf3d53d0b0744.tar.gz
pam-58c5a173ca608476917893e9054cf3d53d0b0744.tar.bz2
pam-58c5a173ca608476917893e9054cf3d53d0b0744.zip
Merge in 1.5.3 from experimental
Diffstat (limited to 'modules/pam_unix/bigcrypt.c')
-rw-r--r--modules/pam_unix/bigcrypt.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index d8d61a4b..c1028668 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -29,6 +29,7 @@
#include <string.h>
#include <stdlib.h>
#include <security/_pam_macros.h>
+#include "pam_inline.h"
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
@@ -56,12 +57,12 @@ char *bigcrypt(const char *key, const char *salt)
#endif
unsigned long int keylen, n_seg, j;
char *cipher_ptr, *plaintext_ptr, *tmp_ptr, *salt_ptr;
- char keybuf[KEYBUF_SIZE + 1];
+ char keybuf[KEYBUF_SIZE + 1] = {};
D(("called with key='%s', salt='%s'.", key, salt));
/* reset arrays */
- dec_c2_cryptbuf = malloc(CBUF_SIZE);
+ dec_c2_cryptbuf = calloc(1, CBUF_SIZE);
if (!dec_c2_cryptbuf) {
return NULL;
}
@@ -73,8 +74,6 @@ char *bigcrypt(const char *key, const char *salt)
}
cdata->initialized = 0;
#endif
- memset(keybuf, 0, KEYBUF_SIZE + 1);
- memset(dec_c2_cryptbuf, 0, CBUF_SIZE);
/* fill KEYBUF_SIZE with key */
strncpy(keybuf, key, KEYBUF_SIZE);
@@ -116,6 +115,7 @@ char *bigcrypt(const char *key, const char *salt)
}
/* and place in the static area */
strncpy(cipher_ptr, tmp_ptr, 13);
+ pam_overwrite_string(tmp_ptr);
cipher_ptr += ESEGMENT_SIZE + SALT_SIZE;
plaintext_ptr += SEGMENT_SIZE; /* first block of SEGMENT_SIZE */
@@ -136,9 +136,10 @@ char *bigcrypt(const char *key, const char *salt)
tmp_ptr = crypt(plaintext_ptr, salt_ptr);
#endif
if (tmp_ptr == NULL) {
- _pam_overwrite(dec_c2_cryptbuf);
+ pam_overwrite_string(dec_c2_cryptbuf);
free(dec_c2_cryptbuf);
#ifdef HAVE_CRYPT_R
+ pam_overwrite_object(cdata);
free(cdata);
#endif
return NULL;
@@ -146,6 +147,7 @@ char *bigcrypt(const char *key, const char *salt)
/* skip the salt for seg!=0 */
strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE);
+ pam_overwrite_string(tmp_ptr);
cipher_ptr += ESEGMENT_SIZE;
plaintext_ptr += SEGMENT_SIZE;
@@ -155,6 +157,7 @@ char *bigcrypt(const char *key, const char *salt)
D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf));
#ifdef HAVE_CRYPT_R
+ pam_overwrite_object(cdata);
free(cdata);
#endif
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-22 11:46:14 +0000