1 files changed, 6 insertions, 3 deletions

diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index c1028668..296e01f7 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -55,7 +55,7 @@ char *bigcrypt(const char *key, const char *salt)
 #ifdef HAVE_CRYPT_R
 	struct crypt_data *cdata;
 #endif
-	unsigned long int keylen, n_seg, j;
+	size_t keylen, n_seg, j;
 	char *cipher_ptr, *plaintext_ptr, *tmp_ptr, *salt_ptr;
 	char keybuf[KEYBUF_SIZE + 1] = {};
 
@@ -67,12 +67,11 @@ char *bigcrypt(const char *key, const char *salt)
 		return NULL;
 	}
 #ifdef HAVE_CRYPT_R
-	cdata = malloc(sizeof(*cdata));
+	cdata = calloc(1, sizeof(*cdata));
 	if(!cdata) {
 		free(dec_c2_cryptbuf);
 		return NULL;
 	}
-	cdata->initialized = 0;
 #endif
 
 	/* fill KEYBUF_SIZE with key */
@@ -107,8 +106,10 @@ char *bigcrypt(const char *key, const char *salt)
 	tmp_ptr = crypt(plaintext_ptr, salt);	/* libc crypt() */
 #endif
 	if (tmp_ptr == NULL) {
+		pam_overwrite_array(keybuf);
 		free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
+		pam_overwrite_object(cdata);
 		free(cdata);
 #endif
 		return NULL;
@@ -136,6 +137,7 @@ char *bigcrypt(const char *key, const char *salt)
 			tmp_ptr = crypt(plaintext_ptr, salt_ptr);
 #endif
 			if (tmp_ptr == NULL) {
+				pam_overwrite_array(keybuf);
 				pam_overwrite_string(dec_c2_cryptbuf);
 				free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
@@ -156,6 +158,7 @@ char *bigcrypt(const char *key, const char *salt)
 	}
 	D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf));
 
+	pam_overwrite_array(keybuf);
 #ifdef HAVE_CRYPT_R
 	pam_overwrite_object(cdata);
 	free(cdata);