From bcba17939e1b1a568cd4a764534cde74d37078cc Mon Sep 17 00:00:00 2001
From: Christian Göttsche <cgzones@googlemail.com>
Date: Mon, 30 Jan 2023 17:56:58 +0100
Subject: modules: make use of secure memory erasure

Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.

Non trivial changes:

- pam_env:
  * erase environment variables where possible

- pam_exec:
  * erase responce on error
  * erase auth token

- pam_pwhistory:
  * erase buffers containing old passwords

- pam_selinux: skip overwriting data structure consisting of only
  pointers to insensitive data, which also gets free'd afterwards (so
  it currently does not protect against double-free or use-after-free on
  the member pointers)

- pam_unix: erase cipher data in more places

- pam_userdb: erase password hashes
---
 modules/pam_timestamp/hmac_openssl_wrapper.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'modules/pam_timestamp/hmac_openssl_wrapper.c')

diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c
index 926c2fb9..df772d60 100644
--- a/modules/pam_timestamp/hmac_openssl_wrapper.c
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.c
@@ -144,7 +144,7 @@ read_file(pam_handle_t *pamh, int fd, char **text, size_t *text_length)
 
     if (bytes_read < (size_t)st.st_size) {
         pam_syslog(pamh, LOG_ERR, "Short read on key file");
-        memset(tmp, 0, st.st_size);
+        pam_overwrite_n(tmp, st.st_size);
         free(tmp);
         return PAM_AUTH_ERR;
     }
@@ -167,14 +167,14 @@ write_file(pam_handle_t *pamh, const char *file_name, char *text,
               S_IRUSR | S_IWUSR);
     if (fd == -1) {
         pam_syslog(pamh, LOG_ERR, "Unable to open [%s]: %m", file_name);
-        memset(text, 0, text_length);
+        pam_overwrite_n(text, text_length);
         free(text);
         return PAM_AUTH_ERR;
     }
 
     if (fchown(fd, owner, group) == -1) {
         pam_syslog(pamh, LOG_ERR, "Unable to change ownership [%s]: %m", file_name);
-        memset(text, 0, text_length);
+        pam_overwrite_n(text, text_length);
         free(text);
         close(fd);
         return PAM_AUTH_ERR;
@@ -294,7 +294,7 @@ done:
         free(hmac_message);
     }
     if (key != NULL) {
-        memset(key, 0, key_length);
+        pam_overwrite_n(key, key_length);
         free(key);
     }
     if (ctx != NULL) {
-- 
cgit v1.2.3