From ebc35c605beca9020bb743134575fdc558dfdaf5 Mon Sep 17 00:00:00 2001
From: Benny Baumann <BenBE@geshi.org>
Date: Mon, 11 Dec 2023 13:43:30 +0100
Subject: pam_timestamp: allocate memory before opening /dev/urandom

It's handy to have the memory allocated before trying several methods
of obtaining randomness that are going to be introduced by subsequent
commits.

* modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key):
Allocate memory before trying to open /dev/urandom.
---
 modules/pam_timestamp/hmac_openssl_wrapper.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

(limited to 'modules/pam_timestamp')

diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c
index b2aeda21..2f015c6a 100644
--- a/modules/pam_timestamp/hmac_openssl_wrapper.c
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.c
@@ -85,18 +85,19 @@ generate_key(pam_handle_t *pamh, char **key, size_t key_size)
 {
     int fd = 0;
     ssize_t bytes_read = 0;
-    char * tmp = NULL;
-
-    fd = open("/dev/urandom", O_RDONLY);
-    if (fd == -1) {
-        pam_syslog(pamh, LOG_ERR, "Cannot open /dev/urandom: %m");
-        return PAM_AUTH_ERR;
-    }
+    char *tmp = *key = NULL;
 
     tmp = malloc(key_size);
     if (!tmp) {
         pam_syslog(pamh, LOG_CRIT, "Not enough memory");
-        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    fd = open("/dev/urandom", O_RDONLY);
+    if (fd == -1) {
+        pam_syslog(pamh, LOG_ERR, "Cannot open /dev/urandom: %m");
+        pam_overwrite_n(tmp, key_size);
+        free(tmp);
         return PAM_AUTH_ERR;
     }
 
-- 
cgit v1.2.3