From bcba17939e1b1a568cd4a764534cde74d37078cc Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Mon, 30 Jan 2023 17:56:58 +0100 Subject: modules: make use of secure memory erasure Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive. Non trivial changes: - pam_env: * erase environment variables where possible - pam_exec: * erase responce on error * erase auth token - pam_pwhistory: * erase buffers containing old passwords - pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers) - pam_unix: erase cipher data in more places - pam_userdb: erase password hashes --- modules/pam_namespace/md5.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules/pam_namespace/md5.c') diff --git a/modules/pam_namespace/md5.c b/modules/pam_namespace/md5.c index 22e41ee0..07ad9a02 100644 --- a/modules/pam_namespace/md5.c +++ b/modules/pam_namespace/md5.c @@ -21,6 +21,8 @@ #include "md5.h" #include +#include "pam_inline.h" + #define MD5Name(x) x #ifdef WORDS_BIGENDIAN @@ -149,7 +151,7 @@ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx) MD5Name(MD5Transform)(ctx->buf.i, ctx->in.i); byteReverse(ctx->buf.c, 4); memcpy(digest, ctx->buf.c, 16); - memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ + pam_overwrite_object(ctx); /* In case it's sensitive */ } /* The four core functions - F1 is optimized somewhat */ -- cgit v1.2.3