Diffstat (limited to 'modules/pam_pwhistory')
-rw-r--r-- | modules/pam_pwhistory/opasswd.c | 13 | ||||
-rw-r--r-- | modules/pam_pwhistory/pwhistory_helper.c | 2 |
2 files changed, 11 insertions, 4 deletions
diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
index 1d3242ca..859b3da4 100644
--- a/modules/pam_pwhistory/opasswd.c
+++ b/modules/pam_pwhistory/opasswd.c
@@ -68,6 +68,7 @@
 #include <security/pam_ext.h>
 #endif
 #include <security/pam_modules.h>
+#include "pam_inline.h"
 #include "opasswd.h"
@@ -129,6 +130,7 @@ compare_password(const char *newpass, const char *oldpass)
 char *outval;
 #ifdef HAVE_CRYPT_R
 struct crypt_data output;
+ int retval;
 output.initialized = 0;
@@ -137,7 +139,9 @@ compare_password(const char *newpass, const char *oldpass)
 outval = crypt (newpass, oldpass);
 #endif
- return outval != NULL && strcmp(outval, oldpass) == 0;
+ retval = outval != NULL && strcmp(outval, oldpass) == 0;
+ pam_overwrite_string(outval);
+ return retval;
 }
 /* Check, if the new password is already in the opasswd file. */
@@ -238,8 +242,8 @@ check_old_pass, const char *user, const char *newpass, const char *filename, int
 } while (oldpass != NULL);
 }
- if (buf)
- free (buf);
+ pam_overwrite_n(buf, buflen);
+ free (buf);
 return retval;
 }
@@ -519,6 +523,7 @@ save_old_pass, const char *user, int howmany, const char *filename, int debug UN
 }
 if (fputs (out, newpf) < 0)
 {
+ pam_overwrite_string(out);
 free (out);
 retval = PAM_AUTHTOK_ERR;
 if (oldpf)
@@ -526,6 +531,7 @@ save_old_pass, const char *user, int howmany, const char *filename, int debug UN
 fclose (newpf);
 goto error_opasswd;
 }
+ pam_overwrite_string(out);
 free (out);
 }
@@ -571,6 +577,7 @@ save_old_pass, const char *user, int howmany, const char *filename, int debug UN
 rename (opasswd_tmp, opasswd_file);
 error_opasswd:
 unlink (opasswd_tmp);
+ pam_overwrite_n(buf, buflen);
 free (buf);
 return retval;
diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c
index 7a61ae53..469d95fa 100644
--- a/modules/pam_pwhistory/pwhistory_helper.c
+++ b/modules/pam_pwhistory/pwhistory_helper.c
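Review bot: In compare_password() (opasswd.c, hunk at -129), `int retval;` is added directly after `struct crypt_data output;`, which places it inside the `#ifdef HAVE_CRYPT_R` region, while the following hunk assigns and returns `retval` after the `#endif`. A build without HAVE_CRYPT_R would then have no declaration for it. Declaring it next to `char *outval;`, above the `#ifdef`, keeps both configurations compiling. The function's opening lines are outside the hunk.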
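Review bot: In compare_password() (opasswd.c, hunk at -137), `pam_overwrite_string(outval)` is reached even when `outval` is NULL, since the preceding line explicitly allows for that; pam_inline.h is not part of this diff, so confirm the helper tolerates NULL or guard it with `if (outval != NULL)`. On the crypt_r path the returned string presumably lives inside the stack-allocated `output`, so only the hash text is cleared and any other state in `struct crypt_data` is left behind. If that state can be derived from the new password, adding `pam_overwrite_n(&output, sizeof(output));` under the same `#ifdef` would cover it.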
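Review bot: In check_old_pass() (opasswd.c, hunk at -238), `pam_overwrite_n(buf, buflen)` now runs unconditionally where the old code had `if (buf)`, so it depends on the helper accepting a NULL pointer; that is not visible in this diff and should be confirmed, or the guard kept as `if (buf) pam_overwrite_n(buf, buflen);`. The wipe covers only the final allocation: if the read loop (outside this hunk) lets the buffer be reallocated as lines grow, earlier copies are released without being cleared. Both remarks also apply to the `error_opasswd:` hunk at -571 in save_old_pass(). A one-line comment such as `/* buf held opasswd lines, including old password hashes */` would record why the wipe is there.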
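Review bot: In save_old_pass() (opasswd.c, hunks at -519 and -526), the pair `pam_overwrite_string(out); free (out);` is now written twice, once on the fputs failure path and once on the success path, so a later exit added between them could skip the wipe. Capturing the result first leaves a single cleanup site: `int rc = fputs (out, newpf); pam_overwrite_string(out); free (out);` followed by `if (rc < 0)` with the existing error handling. The enclosing loop starts and ends outside both hunks, so check that no other path leaves it with `out` still allocated.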
@@ -70,7 +70,7 @@ check_history(const char *user, const char *filename, const char *debug)
 retval = check_old_pass(user, pass, filename, dbg);
- memset(pass, '\0', PAM_MAX_RESP_SIZE); /* clear memory of the password */
+ pam_overwrite_array(pass); /* clear memory of the password */
 return retval;
 } |
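Review bot: `pam_overwrite_array(pass)` in check_history() presumably takes its length from the operand's type rather than from `PAM_MAX_RESP_SIZE`, so it matches the removed memset only if `pass` is declared as an array of that size; the declaration is outside this hunk. If `pass` were ever changed to a pointer, only a pointer-sized region would be cleared unless the macro rejects non-arrays at compile time, which is worth confirming in pam_inline.h. Any return in check_history() that occurs after the password has been read, but before this line, should also go through the wipe.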