diff options
| author | Sam Hartman <hartmans@debian.org> | 2023-09-11 14:09:57 -0600 |
|---|---|---|
| committer | Sam Hartman <hartmans@debian.org> | 2023-09-11 14:09:57 -0600 |
| commit | e9aa2ef52a423a3a33299bf7e8715eb5bd76ea67 (patch) | |
| tree | 8b1bd3f4fc01ef0261a13d75cf48be9002480aaf /modules/pam_unix/passverify.c | |
| parent | 99d0d1c5c4f07332daa86e73981267a761bc966e (diff) | |
| parent | bf07335a19d6192adaf4b1a817d2101ee0bad134 (diff) | |
| download | pam-e9aa2ef52a423a3a33299bf7e8715eb5bd76ea67.tar.gz pam-e9aa2ef52a423a3a33299bf7e8715eb5bd76ea67.tar.bz2 pam-e9aa2ef52a423a3a33299bf7e8715eb5bd76ea67.zip | |
New upstream version 1.5.3
Diffstat (limited to 'modules/pam_unix/passverify.c')
| -rw-r--r-- | modules/pam_unix/passverify.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index f2474a5b..81b10d88 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -96,7 +96,7 @@ PAMH_ARG_DECL(int verify_pwd_hash, } else if (*hash != '$' && hash_len >= 13) { pp = bigcrypt(p, hash); if (pp && hash_len == 13 && strlen(pp) > hash_len) { - _pam_overwrite(pp + hash_len); + pam_overwrite_string(pp + hash_len); } } else { /* @@ -147,7 +147,7 @@ PAMH_ARG_DECL(int verify_pwd_hash, if (cdata != NULL) { cdata->initialized = 0; pp = x_strdup(crypt_r(p, hash, cdata)); - memset(cdata, '\0', sizeof(*cdata)); + pam_overwrite_object(cdata); free(cdata); } #else @@ -334,7 +334,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, #define PW_TMPFILE "/etc/npasswd" #define SH_TMPFILE "/etc/nshadow" -#define OPW_TMPFILE "/etc/security/nopasswd" +#define OPW_TMPFILE SCONFIGDIR "/nopasswd" /* * i64c - convert an integer to a radix 64 character @@ -427,7 +427,7 @@ PAMH_ARG_DECL(char * create_password_hash, #else char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */ #endif - char *sp; + char *sp, *ret; #ifdef HAVE_CRYPT_R struct crypt_data *cdata = NULL; #endif @@ -456,7 +456,7 @@ PAMH_ARG_DECL(char * create_password_hash, password = tmppass; } hashed = bigcrypt(password, salt); - memset(tmppass, '\0', sizeof(tmppass)); + pam_overwrite_array(tmppass); password = NULL; return hashed; } @@ -494,18 +494,21 @@ PAMH_ARG_DECL(char * create_password_hash, on(UNIX_SHA256_PASS, ctrl) ? "sha256" : on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); if(sp) { - memset(sp, '\0', strlen(sp)); + pam_overwrite_string(sp); } #ifdef HAVE_CRYPT_R + pam_overwrite_object(cdata); free(cdata); #endif return NULL; } - sp = x_strdup(sp); + ret = strdup(sp); + pam_overwrite_string(sp); #ifdef HAVE_CRYPT_R + pam_overwrite_object(cdata); free(cdata); #endif - return sp; + return ret; } #ifdef WITH_SELINUX @@ -1090,7 +1093,7 @@ helper_verify_password(const char *name, const char *p, int nullok) } if (hash) { - _pam_overwrite(hash); + pam_overwrite_string(hash); _pam_drop(hash); } |