pam_unix: do not overwrite the string returned by crypt_r

Given that the crypt_data storage passed to crypt_r is cleared
afterwards, there is no point in clearing the string returned by
crypt_r.  This also fixes the issue with those crypt_r implementations
that can return a pointer to read-only memory.

Resolves: https://github.com/linux-pam/linux-pam/issues/866

1 files changed, 4 insertions, 0 deletions

diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index 296e01f7..f960d978 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -116,7 +116,9 @@ char *bigcrypt(const char *key, const char *salt)
 	}
 	/* and place in the static area */
 	strncpy(cipher_ptr, tmp_ptr, 13);
+#ifndef HAVE_CRYPT_R
 	pam_overwrite_string(tmp_ptr);
+#endif
 	cipher_ptr += ESEGMENT_SIZE + SALT_SIZE;
 	plaintext_ptr += SEGMENT_SIZE;	/* first block of SEGMENT_SIZE */
 
@@ -149,7 +151,9 @@ char *bigcrypt(const char *key, const char *salt)
 
 			/* skip the salt for seg!=0 */
 			strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE);
+#ifndef HAVE_CRYPT_R
 			pam_overwrite_string(tmp_ptr);
+#endif
 
 			cipher_ptr += ESEGMENT_SIZE;
 			plaintext_ptr += SEGMENT_SIZE;