From 0e80c788850c4a699e4bfb3ab7b44e354b8fdfd7 Mon Sep 17 00:00:00 2001 From: Christian Göttsche Date: Tue, 16 Jan 2024 15:12:58 +0100 Subject: modules: zero out crypt_r(3) data before usage The manual page of crypt_r(3) recommends to zero the entire data object. --- modules/pam_unix/bigcrypt.c | 3 +-- modules/pam_unix/passverify.c | 6 ++---- 2 files changed, 3 insertions(+), 6 deletions(-) (limited to 'modules/pam_unix') diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c index be7cdb93..1b32c3f2 100644 --- a/modules/pam_unix/bigcrypt.c +++ b/modules/pam_unix/bigcrypt.c @@ -67,12 +67,11 @@ char *bigcrypt(const char *key, const char *salt) return NULL; } #ifdef HAVE_CRYPT_R - cdata = malloc(sizeof(*cdata)); + cdata = calloc(1, sizeof(*cdata)); if(!cdata) { free(dec_c2_cryptbuf); return NULL; } - cdata->initialized = 0; #endif /* fill KEYBUF_SIZE with key */ diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 1bc98fa2..30045333 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -144,9 +144,8 @@ PAMH_ARG_DECL(int verify_pwd_hash, #endif #ifdef HAVE_CRYPT_R struct crypt_data *cdata; - cdata = malloc(sizeof(*cdata)); + cdata = calloc(1, sizeof(*cdata)); if (cdata != NULL) { - cdata->initialized = 0; pp = x_strdup(crypt_r(p, hash, cdata)); pam_overwrite_object(cdata); free(cdata); @@ -503,9 +502,8 @@ PAMH_ARG_DECL(char * create_password_hash, #endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */ #ifdef HAVE_CRYPT_R sp = NULL; - cdata = malloc(sizeof(*cdata)); + cdata = calloc(1, sizeof(*cdata)); if (cdata != NULL) { - cdata->initialized = 0; sp = crypt_r(password, salt, cdata); } #else -- cgit v1.2.3