Update upstream source from tag 'upstream/1.5.3'

Update to upstream version '1.5.3'
with Debian dir 6b9d9dfb8a4ca02d4557097ee59960e72a6a4a29

1 files changed, 7 insertions, 4 deletions

diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c
index 3559972b..49a70ff3 100644
--- a/modules/pam_unix/unix_update.c
+++ b/modules/pam_unix/unix_update.c
@@ -55,15 +55,18 @@ set_password(const char *forwho, const char *shadow, const char *remember)
     if (npass != 2) {	/* is it a valid password? */
       if (npass == 1) {
         helper_log_err(LOG_DEBUG, "no new password supplied");
-	memset(pass, '\0', PAM_MAX_RESP_SIZE);
+        pam_overwrite_array(pass);
       } else {
         helper_log_err(LOG_DEBUG, "no valid passwords supplied");
       }
       return PAM_AUTHTOK_ERR;
     }
 
-    if (lock_pwdf() != PAM_SUCCESS)
+    if (lock_pwdf() != PAM_SUCCESS) {
+	pam_overwrite_array(pass);
+	pam_overwrite_array(towhat);
 	return PAM_AUTHTOK_LOCK_BUSY;
+    }
 
     pwd = getpwnam(forwho);
 
@@ -98,8 +101,8 @@ set_password(const char *forwho, const char *shadow, const char *remember)
     }
 
 done:
-    memset(pass, '\0', PAM_MAX_RESP_SIZE);
-    memset(towhat, '\0', PAM_MAX_RESP_SIZE);
+    pam_overwrite_array(pass);
+    pam_overwrite_array(towhat);
 
     unlock_pwdf();