From 05d50c9f29ef1a1c897feb604c0595142840a93e Mon Sep 17 00:00:00 2001
From: Christian Göttsche
Date: Thu, 4 Jan 2024 18:24:03 +0100
Subject: pam_unix: use more appropriate types
---
 modules/pam_unix/bigcrypt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules/pam_unix/bigcrypt.c')
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index c1028668..f7c35a47 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -55,7 +55,7 @@ char *bigcrypt(const char *key, const char *salt)
 #ifdef HAVE_CRYPT_R
 struct crypt_data *cdata;
 #endif
- unsigned long int keylen, n_seg, j;
+ size_t keylen, n_seg, j;
 char *cipher_ptr, *plaintext_ptr, *tmp_ptr, *salt_ptr;
 char keybuf[KEYBUF_SIZE + 1] = {};
--
cgit v1.2.3
From d5c01cfd6e47503fb597c5568f43cdf079a30719 Mon Sep 17 00:00:00 2001
From: Christian Göttsche
Date: Thu, 4 Jan 2024 18:24:05 +0100
Subject: pam_unix: clean additional possible sensitive buffers
---
 modules/pam_unix/bigcrypt.c | 3 +++
 modules/pam_unix/pam_unix_passwd.c | 3 ++-
 modules/pam_unix/passverify.c | 3 ++-
 3 files changed, 7 insertions(+), 2 deletions(-)
(limited to 'modules/pam_unix/bigcrypt.c')
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index f7c35a47..be7cdb93 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -107,6 +107,7 @@ char *bigcrypt(const char *key, const char *salt)
 tmp_ptr = crypt(plaintext_ptr, salt); /* libc crypt() */
 #endif
 if (tmp_ptr == NULL) {
+ pam_overwrite_array(keybuf);
 free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
 free(cdata);
@@ -136,6 +137,7 @@ char *bigcrypt(const char *key, const char *salt)
 tmp_ptr = crypt(plaintext_ptr, salt_ptr);
 #endif
 if (tmp_ptr == NULL) {
+ pam_overwrite_array(keybuf);
 pam_overwrite_string(dec_c2_cryptbuf);
 free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
@@ -156,6 +158,7 @@ char *bigcrypt(const char *key, const char *salt)
 }
 D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf));
+ pam_overwrite_array(keybuf);
 #ifdef HAVE_CRYPT_R
 pam_overwrite_object(cdata);
 free(cdata);
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 3a223949..b915ce66 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -350,7 +350,7 @@ static int check_old_password(const char *forwho, const char *newpass)
 if (opwfile == NULL) return PAM_ABORT;
- while (getline(&buf, &n, opwfile) != -1) {
+ for (; getline(&buf, &n, opwfile) != -1; pam_overwrite_n(buf, n)) {
 if (!strncmp(buf, forwho, len) && (buf[len] == ':' || buf[len] == ',')) {
 char *sptr;
@@ -372,6 +372,7 @@ static int check_old_password(const char *forwho, const char *newpass)
 break;
 }
 }
+ pam_overwrite_n(buf, n);
 free(buf);
 fclose(opwfile);
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 2c95bba2..426d4028 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -729,7 +729,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
 goto done;
 }
- while (getline(&buf, &bufsize, opwfile) != -1) {
+ for (; getline(&buf, &bufsize, opwfile) != -1; pam_overwrite_n(buf, bufsize)) {
 if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) {
 char *ep, *sptr = NULL;
 long value;
@@ -779,6 +779,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
 break;
 }
 }
+ pam_overwrite_n(buf, bufsize);
 free(buf);
 fclose(opwfile);
--
cgit v1.2.3
From 0e80c788850c4a699e4bfb3ab7b44e354b8fdfd7 Mon Sep 17 00:00:00 2001
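Review bot: In bigcrypt()'s success path (bigcrypt.c, hunk at -156), the new `pam_overwrite_array(keybuf);` runs directly after the context line `D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf));`, which formats the cleartext key and the resulting hash into the debug trace. If D() is compiled in for a debug build, that copy is out of reach of the scrub, so the trace is worth trimming to something like `D(("salt=|%s|\n", salt));`. The function body starts and ends outside this hunk.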
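Review bot: In check_old_password() (pam_unix_passwd.c, hunk at -350), the per-line scrub sits in the `for` increment clause, which runs after a normal iteration or a `continue` but is skipped on `break`; only the post-loop `pam_overwrite_n(buf, n);` added in the following hunk covers that exit. That coupling deserves a comment above the loop, e.g. `/* scrub each opasswd line before getline() reuses buf; the break path is scrubbed after the loop */`. The same pattern is introduced in save_old_password() in passverify.c. The scrub also only reaches the buffer getline() currently owns: any block released when getline() grows buf, and the stdio buffer behind opwfile, would presumably still hold old-password entries, so confirm whether that residue matters for this threat model.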
From: Christian Göttsche
Date: Tue, 16 Jan 2024 15:12:58 +0100
Subject: modules: zero out crypt_r(3) data before usage

The manual page of crypt_r(3) recommends to zero the entire data object.
---
 modules/pam_pwhistory/opasswd.c | 4 +---
 modules/pam_unix/bigcrypt.c | 3 +--
 modules/pam_unix/passverify.c | 6 ++----
 modules/pam_userdb/pam_userdb.c | 3 +--
 4 files changed, 5 insertions(+), 11 deletions(-)
(limited to 'modules/pam_unix/bigcrypt.c')
diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
index b7711e03..a4bcbaae 100644
--- a/modules/pam_pwhistory/opasswd.c
+++ b/modules/pam_pwhistory/opasswd.c
@@ -127,9 +127,7 @@ compare_password(const char *newpass, const char *oldpass)
 char *outval;
 int retval;
 #ifdef HAVE_CRYPT_R
- struct crypt_data output;
-
- output.initialized = 0;
+ struct crypt_data output = { 0 };
 outval = crypt_r (newpass, oldpass, &output);
 #else
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index be7cdb93..1b32c3f2 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -67,12 +67,11 @@ char *bigcrypt(const char *key, const char *salt)
 return NULL;
 }
 #ifdef HAVE_CRYPT_R
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
 if(!cdata) {
 free(dec_c2_cryptbuf);
 return NULL;
 }
- cdata->initialized = 0;
 #endif
 /* fill KEYBUF_SIZE with key */
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 1bc98fa2..30045333 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -144,9 +144,8 @@ PAMH_ARG_DECL(int verify_pwd_hash,
 #endif
 #ifdef HAVE_CRYPT_R
 struct crypt_data *cdata;
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
 if (cdata != NULL) {
- cdata->initialized = 0;
 pp = x_strdup(crypt_r(p, hash, cdata));
 pam_overwrite_object(cdata);
 free(cdata);
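Review bot: In compare_password() (pam_pwhistory/opasswd.c), `struct crypt_data output = { 0 };` stays a stack object and the hunk shows no scrub after `crypt_r (newpass, oldpass, &output)`, whereas verify_pwd_hash() in passverify.c calls `pam_overwrite_object(cdata);` before `free(cdata);`. The function continues outside the hunk, so the cleanup may already exist there; if it does not, and the macro is available to this module, `pam_overwrite_object(&output);` once the comparison is done would keep the derived hash from lingering on the stack.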
@@ -503,9 +502,8 @@ PAMH_ARG_DECL(char * create_password_hash,
 #endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */
 #ifdef HAVE_CRYPT_R
 sp = NULL;
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
 if (cdata != NULL) {
- cdata->initialized = 0;
 sp = crypt_r(password, salt, cdata);
 }
 #else
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index 0b5e5965..7e1407f4 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -287,11 +287,10 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 } else {
 #ifdef HAVE_CRYPT_R
 struct crypt_data *cdata = NULL;
- cdata = malloc(sizeof(*cdata));
+ cdata = calloc(1, sizeof(*cdata));
 if (cdata == NULL) {
 pam_syslog(pamh, LOG_CRIT, "malloc failed: struct crypt_data");
 } else {
- cdata->initialized = 0;
 cryptpw = crypt_r(pass, pwhash, cdata);
 }
 #else
--
cgit v1.2.3
From 1a189b090270cf930b62ca005ad7e287e12fe04c Mon Sep 17 00:00:00 2001
From: Christian Göttsche
Date: Wed, 17 Jan 2024 15:32:21 +0100
Subject: pam_unix: cleanse crypt data

Cleanse the crypt data also in the failure branch to sanitize in case of partial data being written.
---
 modules/pam_unix/bigcrypt.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'modules/pam_unix/bigcrypt.c')
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index 1b32c3f2..296e01f7 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -109,6 +109,7 @@ char *bigcrypt(const char *key, const char *salt)
 pam_overwrite_array(keybuf);
 free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
+ pam_overwrite_object(cdata);
 free(cdata);
 #endif
 return NULL;
--
cgit v1.2.3
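Review bot: In user_lookup() (pam_userdb.c), the allocation is now `calloc(1, sizeof(*cdata))` but the failure log on the context line still reads `"malloc failed: struct crypt_data"`; changing it to `pam_syslog(pamh, LOG_CRIT, "calloc failed: struct crypt_data");` keeps the message matching the code. The hunk also shows no `pam_overwrite_object(cdata);` or `free(cdata);` for this path, while verify_pwd_hash() in passverify.c does both. The block continues outside the hunk, so confirm that cleanup happens there once cryptpw is no longer needed.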