pam_unix: clean additional possible sensitive buffers

author: Christian Göttsche <cgzones@googlemail.com> 2024-01-04 18:24:05 +0100
committer: Dmitry V. Levin <ldv@strace.io> 2024-01-15 20:01:23 +0000
commit: d5c01cfd6e47503fb597c5568f43cdf079a30719 (patch)
tree: 66a50558ea70bd15435df02e57d4ce4de496c80e /modules/pam_unix/pam_unix_passwd.c
parent: 05d50c9f29ef1a1c897feb604c0595142840a93e (diff)
download: pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.tar.gz
pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.tar.bz2
pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 3a223949..b915ce66 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -350,7 +350,7 @@ static int check_old_password(const char *forwho, const char *newpass)
 	if (opwfile == NULL)
 		return PAM_ABORT;
 
-	while (getline(&buf, &n, opwfile) != -1) {
+	for (; getline(&buf, &n, opwfile) != -1; pam_overwrite_n(buf, n)) {
 		if (!strncmp(buf, forwho, len) && (buf[len] == ':' ||
 			buf[len] == ',')) {
 			char *sptr;
@@ -372,6 +372,7 @@ static int check_old_password(const char *forwho, const char *newpass)
 			break;
 		}
 	}
+	pam_overwrite_n(buf, n);
 	free(buf);
 	fclose(opwfile);
author	Christian Göttsche <cgzones@googlemail.com>	2024-01-04 18:24:05 +0100
committer	Dmitry V. Levin <ldv@strace.io>	2024-01-15 20:01:23 +0000
commit	d5c01cfd6e47503fb597c5568f43cdf079a30719 (patch)
tree	66a50558ea70bd15435df02e57d4ce4de496c80e /modules/pam_unix/pam_unix_passwd.c
parent	05d50c9f29ef1a1c897feb604c0595142840a93e (diff)
download	pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.tar.gz pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.tar.bz2 pam-d5c01cfd6e47503fb597c5568f43cdf079a30719.zip