From bcba17939e1b1a568cd4a764534cde74d37078cc Mon Sep 17 00:00:00 2001
From: Christian Göttsche
Date: Mon, 30 Jan 2023 17:56:58 +0100
Subject: modules: make use of secure memory erasure

Use empty initialization of structs to minimize the memset() usage, to reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env: * erase environment variables where possible
- pam_exec: * erase responce on error * erase auth token
- pam_pwhistory: * erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only pointers to insensitive data, which also gets free'd afterwards (so it currently does not protect against double-free or use-after-free on the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
---
 modules/pam_stress/pam_stress.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'modules/pam_stress')
diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c
index 6c7a6251..b2c55586 100644
--- a/modules/pam_stress/pam_stress.c
+++ b/modules/pam_stress/pam_stress.c
@@ -18,6 +18,7 @@
 #include
 #include
 #include
+#include "pam_inline.h"
 /* ---------- */
@@ -240,7 +241,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 /* try to set password item */
 retval = pam_set_item(pamh,PAM_AUTHTOK,pass);
- _pam_overwrite(pass); /* clean up local copy of password */
+ pam_overwrite_string(pass); /* clean up local copy of password */
 free(pass);
 pass = NULL;
 if (retval != PAM_SUCCESS) {
@@ -432,7 +433,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 return retval;
 }
 retval = pam_set_item(pamh, PAM_OLDAUTHTOK, pass);
- _pam_overwrite(pass);
+ pam_overwrite_string(pass);
 free(pass);
 pass = NULL;
 if (retval != PAM_SUCCESS) {
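Review bot: In the third hunk (pam_sm_chauthtok) the `pam_overwrite_string(pass);` line has no comment, and in the second hunk (pam_sm_authenticate) the comment only says the local copy is cleaned up; neither records that the wipe deliberately sits before the `retval` check, so the token is erased whether or not pam_set_item() succeeded. I would write both as `pam_overwrite_string(pass); /* wipe local copy before checking retval; the PAM item holds its own copy */`. The helper's name suggests it clears only up to the terminating NUL, so it is worth confirming in the code above these hunks that `pass` is not truncated in place before this point, otherwise the tail of the allocation reaches free() unwiped. Both functions begin and end outside the hunks.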
@@ -495,7 +496,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 if (strcmp(resp[i-2].resp,resp[i-1].resp)) {
 /* passwords are not the same; forget and return error */
- _pam_drop_reply(resp, i);
+ pam_drop_response(resp, i);
 if (!(flags & PAM_SILENT) && !(ctrl & PAM_ST_NO_WARN)) {
 pmsg[0] = &msg[0];
@@ -505,7 +506,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 resp = NULL;
 (void) converse(pamh,1,pmsg,&resp);
 if (resp) {
- _pam_drop_reply(resp, 1);
+ pam_drop_response(resp, 1);
 }
 }
 return PAM_AUTHTOK_ERR;
@@ -523,7 +524,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 retval = PAM_SYSTEM_ERR;
 }
- _pam_drop_reply(resp, i); /* clean up the passwords */
+ pam_drop_response(resp, i); /* clean up the passwords */
 } else {
 pam_syslog(pamh, LOG_ERR, "pam_sm_chauthtok: this must be a Linux-PAM error");
--
cgit v1.2.3
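Review bot: The context line `if (strcmp(resp[i-2].resp,resp[i-1].resp)) {` at the top of the hunk at -495 passes both response strings to strcmp() without a NULL check, and a conversation callback may leave `resp` NULL in an entry. Unless converse() or the code above this hunk already rejects that case, guard it as `if (!resp[i-2].resp || !resp[i-1].resp || strcmp(resp[i-2].resp, resp[i-1].resp)) {` so a missing answer takes the same mismatch path and the entries are still released through `pam_drop_response(resp, i)`. This assumes the helper skips NULL entries, which pam_inline.h should confirm. The rest of pam_sm_chauthtok lies outside the hunk.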
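Review bot: After `pam_drop_response(resp, i); /* clean up the passwords */` in the hunk at -523, the local `resp` still points at the array the helper has presumably freed, whereas the `free(pass)` sites in this file are followed by `pass = NULL;`. Adding `resp = NULL;` on the next line would keep the two cleanup patterns consistent and turn any later use into an immediate fault instead of a use-after-free. Whether `resp` is read again before the function returns is not visible from this hunk.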