diff options
| author | Sam Hartman <hartmans@debian.org> | 2023-09-11 14:10:02 -0600 |
|---|---|---|
| committer | Sam Hartman <hartmans@debian.org> | 2023-09-11 14:10:02 -0600 |
| commit | 42408448b00a7a2150b5853dc4f63296b6827e0e (patch) | |
| tree | f2d801e728b41563b77ebe89a3d560319ff37d31 /modules/pam_unix/passverify.c | |
| parent | b99a4f53dcf4725e4b3b861fd8a28c0156a8a147 (diff) | |
| parent | e9aa2ef52a423a3a33299bf7e8715eb5bd76ea67 (diff) | |
| download | pam-42408448b00a7a2150b5853dc4f63296b6827e0e.tar.gz pam-42408448b00a7a2150b5853dc4f63296b6827e0e.tar.bz2 pam-42408448b00a7a2150b5853dc4f63296b6827e0e.zip | |
Update upstream source from tag 'upstream/1.5.3'
Update to upstream version '1.5.3'
with Debian dir 6b9d9dfb8a4ca02d4557097ee59960e72a6a4a29
Diffstat (limited to 'modules/pam_unix/passverify.c')
| -rw-r--r-- | modules/pam_unix/passverify.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index f2474a5b..81b10d88 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -96,7 +96,7 @@ PAMH_ARG_DECL(int verify_pwd_hash, } else if (*hash != '$' && hash_len >= 13) { pp = bigcrypt(p, hash); if (pp && hash_len == 13 && strlen(pp) > hash_len) { - _pam_overwrite(pp + hash_len); + pam_overwrite_string(pp + hash_len); } } else { /* @@ -147,7 +147,7 @@ PAMH_ARG_DECL(int verify_pwd_hash, if (cdata != NULL) { cdata->initialized = 0; pp = x_strdup(crypt_r(p, hash, cdata)); - memset(cdata, '\0', sizeof(*cdata)); + pam_overwrite_object(cdata); free(cdata); } #else @@ -334,7 +334,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, #define PW_TMPFILE "/etc/npasswd" #define SH_TMPFILE "/etc/nshadow" -#define OPW_TMPFILE "/etc/security/nopasswd" +#define OPW_TMPFILE SCONFIGDIR "/nopasswd" /* * i64c - convert an integer to a radix 64 character @@ -427,7 +427,7 @@ PAMH_ARG_DECL(char * create_password_hash, #else char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */ #endif - char *sp; + char *sp, *ret; #ifdef HAVE_CRYPT_R struct crypt_data *cdata = NULL; #endif @@ -456,7 +456,7 @@ PAMH_ARG_DECL(char * create_password_hash, password = tmppass; } hashed = bigcrypt(password, salt); - memset(tmppass, '\0', sizeof(tmppass)); + pam_overwrite_array(tmppass); password = NULL; return hashed; } @@ -494,18 +494,21 @@ PAMH_ARG_DECL(char * create_password_hash, on(UNIX_SHA256_PASS, ctrl) ? "sha256" : on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); if(sp) { - memset(sp, '\0', strlen(sp)); + pam_overwrite_string(sp); } #ifdef HAVE_CRYPT_R + pam_overwrite_object(cdata); free(cdata); #endif return NULL; } - sp = x_strdup(sp); + ret = strdup(sp); + pam_overwrite_string(sp); #ifdef HAVE_CRYPT_R + pam_overwrite_object(cdata); free(cdata); #endif - return sp; + return ret; } #ifdef WITH_SELINUX @@ -1090,7 +1093,7 @@ helper_verify_password(const char *name, const char *p, int nullok) } if (hash) { - _pam_overwrite(hash); + pam_overwrite_string(hash); _pam_drop(hash); } |