From bcba17939e1b1a568cd4a764534cde74d37078cc Mon Sep 17 00:00:00 2001
From: Christian Göttsche <cgzones@googlemail.com>
Date: Mon, 30 Jan 2023 17:56:58 +0100
Subject: modules: make use of secure memory erasure

Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.

Non trivial changes:

- pam_env:
  * erase environment variables where possible

- pam_exec:
  * erase responce on error
  * erase auth token

- pam_pwhistory:
  * erase buffers containing old passwords

- pam_selinux: skip overwriting data structure consisting of only
  pointers to insensitive data, which also gets free'd afterwards (so
  it currently does not protect against double-free or use-after-free on
  the member pointers)

- pam_unix: erase cipher data in more places

- pam_userdb: erase password hashes
---
 modules/pam_unix/md5.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'modules/pam_unix/md5.c')

diff --git a/modules/pam_unix/md5.c b/modules/pam_unix/md5.c
index 229112cf..95b8de4c 100644
--- a/modules/pam_unix/md5.c
+++ b/modules/pam_unix/md5.c
@@ -21,6 +21,8 @@
 #include <string.h>
 #include "md5.h"
 
+#include "pam_inline.h"
+
 #ifndef HIGHFIRST
 #define byteReverse(buf, len)	/* Nothing */
 #else
@@ -149,7 +151,7 @@ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)
 	MD5Name(MD5Transform)(ctx->buf.i, ctx->in.i);
 	byteReverse(ctx->buf.i, 4);
 	memcpy(digest, ctx->buf.c, 16);
-	memset(ctx, 0, sizeof(*ctx));	/* In case it's sensitive */
+	pam_overwrite_object(ctx);	/* In case it's sensitive */
 }
 
 #ifndef ASM_MD5
-- 
cgit v1.2.3