From dd733a5214fc3ef391a74e94f2c62ffa3000722b Mon Sep 17 00:00:00 2001
From: Christian Göttsche <cgzones@googlemail.com>
Date: Mon, 30 Jan 2023 17:55:27 +0100
Subject: libpam_misc: make use of secure memory erasure

---
 libpam_misc/help_env.c  | 5 +++--
 libpam_misc/misc_conv.c | 9 +++++----
 2 files changed, 8 insertions(+), 6 deletions(-)

(limited to 'libpam_misc')

diff --git a/libpam_misc/help_env.c b/libpam_misc/help_env.c
index 601c5f41..b01c9f71 100644
--- a/libpam_misc/help_env.c
+++ b/libpam_misc/help_env.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <security/pam_misc.h>
+#include "pam_inline.h"
 
 /*
  * This function should be used to carefully dispose of the copied
@@ -25,7 +26,7 @@ char **pam_misc_drop_env(char **dump)
 
     for (i=0; dump[i] != NULL; ++i) {
 	D(("dump[%d]=`%s'", i, dump[i]));
-	_pam_overwrite(dump[i]);
+	pam_overwrite_string(dump[i]);
 	_pam_drop(dump[i]);
     }
     _pam_drop(dump);
@@ -77,7 +78,7 @@ int pam_misc_setenv(pam_handle_t *pamh, const char *name
     if (asprintf(&tmp, "%s=%s", name, value) >= 0) {
 	D(("pam_putt()ing: %s", tmp));
 	retval = pam_putenv(pamh, tmp);
-	_pam_overwrite(tmp);                 /* purge */
+	pam_overwrite_string(tmp);           /* purge */
 	_pam_drop(tmp);                      /* forget */
     } else {
 	D(("malloc failure"));
diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
index 908ee890..dbcd6aec 100644
--- a/libpam_misc/misc_conv.c
+++ b/libpam_misc/misc_conv.c
@@ -17,6 +17,7 @@
 
 #include <security/pam_appl.h>
 #include <security/pam_misc.h>
+#include "pam_inline.h"
 
 #define INPUTSIZE PAM_MISC_CONV_BUFSIZE      /* maximum length of input+1 */
 #define CONV_ECHO_ON  1                            /* types of echo state */
@@ -185,7 +186,7 @@ static int read_string(int echo, const char *prompt, char **retstr)
 		    int rv;
 		    if ((rv=read(STDIN_FILENO, line+nc, 1)) != 1) {
 			if (rv < 0) {
-			    _pam_overwrite_n(line, (unsigned int) nc);
+			    pam_overwrite_n(line, (unsigned int) nc);
 			    nc = rv;
 			}
 			break;
@@ -213,7 +214,7 @@ static int read_string(int echo, const char *prompt, char **retstr)
 		    line[nc] = '\0';
 		}
 		*retstr = strdup(line);
-		_pam_overwrite(line);
+		pam_overwrite_array(line);
 		if (!*retstr) {
 		    D(("no memory for response string"));
 		    nc = -1;
@@ -246,7 +247,7 @@ static int read_string(int echo, const char *prompt, char **retstr)
     D(("the timer appears to have expired"));
 
     *retstr = NULL;
-    _pam_overwrite_n(line, sizeof(line));
+    pam_overwrite_array(line);
 
  cleanexit:
 
@@ -376,7 +377,7 @@ failed_conversation:
 	    switch (msgm[count]->msg_style) {
 	    case PAM_PROMPT_ECHO_ON:
 	    case PAM_PROMPT_ECHO_OFF:
-		_pam_overwrite(reply[count].resp);
+		pam_overwrite_string(reply[count].resp);
 		free(reply[count].resp);
 		break;
 	    case PAM_BINARY_PROMPT:
-- 
cgit v1.2.3