authorChristian Göttsche <cgzones@googlemail.com>2024-01-16 15:12:58 +0100
committerDmitry V. Levin <ldv@strace.io>2024-01-21 08:00:00 +0000
commit0e80c788850c4a699e4bfb3ab7b44e354b8fdfd7 (patch)
tree854b6c8e6b0c3c5e99d604efb5b1e381b5fd915a /modules/pam_unix
parent63476f211a8c02bcd24786a1373012d1831774ec (diff)
modules: zero out crypt_r(3) data before usage
The manual page of crypt_r(3) recommends zeroing the entire data object.
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/bigcrypt.c3
-rw-r--r--modules/pam_unix/passverify.c6
2 files changed, 3 insertions, 6 deletions
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index be7cdb93..1b32c3f2 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -67,12 +67,11 @@ char *bigcrypt(const char *key, const char *salt)
return NULL;
}
#ifdef HAVE_CRYPT_R
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
if(!cdata) {
free(dec_c2_cryptbuf);
return NULL;
}
- cdata->initialized = 0;
#endif
/* fill KEYBUF_SIZE with key */
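Review bot: The reason for using `calloc` in bigcrypt() is recorded only in the commit message, so a later cleanup could switch back to `malloc` plus `cdata->initialized = 0` without anyone noticing that the rest of the object is then left uninitialised. A one-line comment above the call would keep the requirement in the code, for example `/* crypt_r(3): the whole crypt_data object must be zeroed before first use */`. The same comment fits the two `calloc` calls in passverify.c (verify_pwd_hash and create_password_hash). bigcrypt()'s body starts and ends outside this hunk.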
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 1bc98fa2..30045333 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -144,9 +144,8 @@ PAMH_ARG_DECL(int verify_pwd_hash,
#endif
#ifdef HAVE_CRYPT_R
struct crypt_data *cdata;
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
if (cdata != NULL) {
- cdata->initialized = 0;
pp = x_strdup(crypt_r(p, hash, cdata));
pam_overwrite_object(cdata);
free(cdata);
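Review bot: When `calloc` returns NULL, the `if (cdata != NULL)` block is skipped silently, so the out-of-memory result of verify_pwd_hash depends on what `pp` holds at that point, and its declaration is outside this hunk. It is worth confirming that `pp` starts as NULL and that the later comparison treats NULL as a mismatch, so that an allocation failure rejects the password rather than leaving the outcome to stale state. A comment after the block such as `/* on allocation failure pp stays NULL and verification must fail */` would record that. Separately, `crypt_r` can return NULL on error and the hunk passes its result straight to `x_strdup`; presumably that helper accepts NULL, but its definition is not visible here.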
@@ -503,9 +502,8 @@ PAMH_ARG_DECL(char * create_password_hash,
#endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */
#ifdef HAVE_CRYPT_R
sp = NULL;
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
if (cdata != NULL) {
- cdata->initialized = 0;
sp = crypt_r(password, salt, cdata);
}
#else
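Review bot: Unlike verify_pwd_hash, this branch of create_password_hash leaves `sp` pointing at the `crypt_r` result, which per crypt_r(3) lives inside `cdata`, and nothing in the hunk copies it or wipes and frees `cdata`. Every exit path after this point therefore has to duplicate `sp` first and then call `pam_overwrite_object(cdata)` and `free(cdata)`; that code is outside the hunk and cannot be checked from here. A comment next to the call, e.g. `/* sp aliases cdata; copy it before cdata is wiped and freed */`, would make the lifetime explicit for anyone adding an early return later.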