aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_namespace/md5.c
Commit message (Collapse)AuthorAgeFilesLines
* modules: make use of secure memory erasureChristian Göttsche2023-02-281-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive. Non trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase responce on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes
* Fix -Wcast-align compilation warnings on armDmitry V. Levin2020-08-061-20/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Apparently, gcc is also not smart enough to infer the alignment of structure fields, for details see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89133 Use unions to avoid these casts altogether, this fixes compilation warnings reported by gcc on arm, e.g.: md5.c: In function 'MD5Update': md5.c:92:35: error: cast increases required alignment of target type [-Werror=cast-align] 92 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); | ^ md5.c:101:35: error: cast increases required alignment of target type [-Werror=cast-align] 101 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); | ^ md5.c: In function 'MD5Final': md5.c:136:35: error: cast increases required alignment of target type [-Werror=cast-align] 136 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); | ^ md5.c:147:9: error: cast increases required alignment of target type [-Werror=cast-align] 147 | memcpy((uint32 *)ctx->in + 14, ctx->bits, 2*sizeof(uint32)); | ^ md5.c:149:34: error: cast increases required alignment of target type [-Werror=cast-align] 149 | MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); | ^ * modules/pam_namespace/md5.h (struct MD5Context): Replace "buf" and "in" fields with unions. All users updated. * modules/pam_unix/md5.h (struct MD5Context): Likewise. * modules/pam_timestamp/sha1.h (struct sha1_context.pending): Replace with a union. All users updated. Complements: v1.4.0~195 ("Fix most of clang -Wcast-align compilation warnings")
* pam_namespace: fix big-endian check in md5 implementationDmitry V. Levin2020-08-051-4/+4
| | | | | | | * modules/pam_namespace/md5.c: Do not check against the list of architectures that are known to be little-endian, instead check for WORDS_BIGENDIAN macro defined by AC_C_BIGENDIAN autoconf macro on big-endian platforms.
* Fix most of clang -Wcast-align compilation warningsDmitry V. Levin2020-03-191-2/+4
| | | | | | | | | | | | | | | | | | | Unlike gcc, clang is not smart enough to infer the alignment of structure fields, so add some alignment hints to the code. * libpam/include/pam_cc_compat.h (PAM_ATTRIBUTE_ALIGNED): New macro. * modules/pam_namespace/md5.h: Include "pam_cc_compat.h". (struct MD5Context): Add PAM_ATTRIBUTE_ALIGNED to "in" field. * modules/pam_namespace/md5.c [!(__i386__ || __x86_64__)] (uint8_aligned): New type. [!(__i386__ || __x86_64__)] (byteReverse): Use it instead of unsigned char. * modules/pam_timestamp/sha1.h: Include "pam_cc_compat.h". (struct sha1_context): Add PAM_ATTRIBUTE_ALIGNED to pending field. * modules/pam_unix/md5.h: Include "pam_cc_compat.h". (struct MD5Context): Add PAM_ATTRIBUTE_ALIGNED to "in" field. * modules/pam_unix/md5.c [!HIGHFIRST] (uint8_aligned): New type. [!HIGHFIRST] (byteReverse): Use it instead of unsigned char.
* Fix strict aliasing issue in MD5 implementations.Tomas Mraz2013-03-281-2/+1
| | | | | modules/pam_namespace/md5.c (MD5Final): Use memcpy instead of assignment. modules/pam_unix/md5.c (MD5Final): Use memcpy instead of assignment.
* Fix whitespace issuesDmitry V. Levin2011-10-261-1/+1
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* Relevant BUGIDs:Tomas Mraz2011-03-181-1/+1
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2011-03-18 Tomas Mraz <tm@t8m.info> * modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx. * modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly. (protect_dir): Guard for -1 passing to close(). (ns_setup): Likewise. (pam_sm_open_session): Correctly test for SELinux enabled flag.
* Relevant BUGIDs:Tomas Mraz2006-06-271-0/+260
Purpose of commit: new feature Commit summary: --------------- * modules/pam_namespace/pam_namespace.c: New module originally written by Janak Desai. * modules/pam_namespace/Makefile.am: New. * modules/pam_namespace/README: New. * modules/pam_namespace/md5.c: New. * modules/pam_namespace/md5.h: New. * modules/pam_namespace/namespace.conf: New. * modules/pam_namespace/namespace.conf.5: New. * modules/pam_namespace/namespace.conf.5.xml: New. * modules/pam_namespace/namespace.init: New. * modules/pam_namespace/pam_namespace.8: New. * modules/pam_namespace/pam_namespace.8.xml: New. * modules/Makefile.am: Added pam_namespace. * configure.in: Added pam_namespace, test for unshare library call.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-08 02:12:18 +0000