From d5c01cfd6e47503fb597c5568f43cdf079a30719 Mon Sep 17 00:00:00 2001
From: Christian Göttsche <cgzones@googlemail.com>
Date: Thu, 4 Jan 2024 18:24:05 +0100
Subject: pam_unix: clean additional possible sensitive buffers

---
 modules/pam_unix/bigcrypt.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'modules/pam_unix/bigcrypt.c')

diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index f7c35a47..be7cdb93 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -107,6 +107,7 @@ char *bigcrypt(const char *key, const char *salt)
 	tmp_ptr = crypt(plaintext_ptr, salt);	/* libc crypt() */
 #endif
 	if (tmp_ptr == NULL) {
+		pam_overwrite_array(keybuf);
 		free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
 		free(cdata);
@@ -136,6 +137,7 @@ char *bigcrypt(const char *key, const char *salt)
 			tmp_ptr = crypt(plaintext_ptr, salt_ptr);
 #endif
 			if (tmp_ptr == NULL) {
+				pam_overwrite_array(keybuf);
 				pam_overwrite_string(dec_c2_cryptbuf);
 				free(dec_c2_cryptbuf);
 #ifdef HAVE_CRYPT_R
@@ -156,6 +158,7 @@ char *bigcrypt(const char *key, const char *salt)
 	}
 	D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf));
 
+	pam_overwrite_array(keybuf);
 #ifdef HAVE_CRYPT_R
 	pam_overwrite_object(cdata);
 	free(cdata);
-- 
cgit v1.2.3